openclaw-inter-instance

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions and examples for using the nodes.run tool to execute arbitrary shell commands on remote linked machines, including repository cloning and system link creation.
  • [PROMPT_INJECTION]: The skill instructs the agent to use CRITICAL IDENTITY forced declarations to override internal model personas or constraints, specifically targeting models like GLM-5. It also defines a surface for indirect prompt injection through its core multi-agent communication features.
      • Ingestion points: Inter-agent messaging via sessions_send and remote memory file ingestion.
      • Boundary markers: No delimiters or isolation instructions are provided for incoming agent messages.
      • Capability inventory: nodes.run (remote command execution) and sessions_send (inter-agent messaging).
      • Sanitization: No sanitization or validation of external instructions from other instances is implemented.
  • [DATA_EXFILTRATION]: The skill establishes communication channels between instances and external messaging services like Telegram, which could be leveraged to exfiltrate data if the agent or a linked node is compromised.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 11:22 AM