openclaw-config-helper
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/check_config.sh` is vulnerable to shell command injection.
  - The variable `CONFIG_PATH` is assigned directly from user-supplied input (`$1`) without sanitization.
  - This variable is then interpolated into a shell command: `jq -r ".$CONFIG_PATH" ~/.openclaw/openclaw.json`.
  - An attacker can escape the string and execute arbitrary commands by providing input such as `foo" | command #`.
- [CREDENTIALS_UNSAFE]: The skill instructions in `SKILL.md` explicitly encourage the unsafe practice of hardcoding sensitive credentials.
  - In "案例 3: pass: 格式的 apiKey 不被支持" (Case 3: an apiKey in `pass:` format is not supported), the documentation states that API keys "必须硬编码真实 key" (must be hardcoded with the real key) because external references are not supported.
  - It provides a visual example of hardcoding an OpenAI API key (`sk-f873092ea177b75b...`). Hardcoding secrets in configuration files is a high-risk practice that leads to credential exposure.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches documentation from external sources to guide the agent's actions.
  - It uses `web_fetch` to retrieve content from `docs.openclaw.ai` (e.g., `/channels/telegram`, `/gateway/configuration-reference`).
- [DATA_EXPOSURE]: The skill facilitates the reading and modification of `~/.openclaw/openclaw.json`.
  - This is a sensitive system configuration file that likely contains bot tokens and API keys. While the primary purpose is legitimate configuration management, the lack of input validation in the helper script poses a risk to this data.
Recommendations
- AI detected serious security threats