skill-config-checker
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The script scans sensitive local file paths including `~/.password-store/api` (the default location for the 'pass' password manager) and `~/.openclaw/agents`. It specifically checks for the existence of GPG-encrypted files to determine if specific service keys are configured. Although the script does not read the contents of the secrets or transmit data externally, this type of environmental discovery of sensitive metadata is high-privilege behavior.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted content from the `SKILL.md` files of other installed skills. It extracts fields such as 'how to get' and 'config steps' and includes them in its summary report without sanitization. If a scanned skill contains malicious setup instructions, this checker would propagate those instructions to the agent's context, potentially leading the agent to execute dangerous commands.
- [COMMAND_EXECUTION]: The skill requires the execution of a local Python script (`check_configs.py`) to perform its scanning and reporting functions. This script interacts directly with the local file system to traverse directories and parse configuration files.
Audit Metadata