auth-manager
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill stores sensitive credentials, including cleartext usernames and passwords, in the
~/.openclaw/auth-platforms.jsonfile. This is a high-risk practice as any process with read access to the user's home directory can harvest these credentials. - [DATA_EXFILTRATION]: The skill manages and stores full Chrome user data profiles (cookies, localStorage, IndexedDB) in
~/.openclaw/chrome-profiles/. While necessary for session management, these files are highly sensitive and can be used for session hijacking if accessed by unauthorized actors. - [COMMAND_EXECUTION]: The skill relies on executing shell commands to manage browser instances, including
fast-browser-use,pkill, andtimeout. It also manipulates the system'sPATHandDISPLAYenvironment variables. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites via the
fast-browser-use snapshotcommand and processes the resulting DOM content usinggrepand keyword matching. - Ingestion points: Website content is retrieved via
fast-browser-use snapshotfrom arbitrary URLs defined in the platform configuration. - Boundary markers: No boundary markers or sanitization logic are defined for the scraped web content.
- Capability inventory: The skill can execute shell commands (
fast-browser-use,pkill), write to the file system (mkdir,jqredirects), and interact with active processes viaprocess.write. - Sanitization: There is no evidence of sanitization or escaping applied to the scraped DOM content before it is processed by the agent.
Audit Metadata