openclaw-control-center

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from https://github.com/TianyiDataScience/openclaw-control-center.git, which is an external source not associated with the skill author (adisinghstudent) or established trusted organizations.
  • [REMOTE_CODE_EXECUTION]: Following the download, the user is instructed to run npm install and npm run build. This allows for the execution of arbitrary scripts and binaries defined in the external repository on the local system.
  • [DATA_EXFILTRATION]: The skill is designed to access and read sensitive local file paths including ~/.openclaw/local-token, ~/.openclaw/openclaw.json, and ~/.codex. These files contain authentication secrets and configuration data for the agent environment.
  • [PROMPT_INJECTION]: The dashboard ingests and displays untrusted data such as agent execution logs (agent.lastOutput) and memory files (dailyMemory.content). This represents an indirect prompt injection surface where malicious instructions embedded in the logs could influence the agent's behavior. The skill lacks documentation for input sanitization or boundary markers for these data sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 11:33 PM