file-sync
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/copaw-sync.pyperforms process replacement usingos.execv. This is used as a bootstrapping mechanism to re-execute the sync logic within a specific virtual environment (/opt/venv/liteor/opt/venv/standard) where thecopaw-workerpackage is installed. - [DATA_EXFILTRATION]: The
scripts/push-shared.shscript facilitates the upload of local files and directories to a remote MinIO server using themc(MinIO Client) tool. This is the intended purpose of the 'push' functionality for sharing task results. - [CREDENTIALS_UNSAFE]: The synchronization scripts access sensitive filesystem credentials and connection endpoints via environment variables (e.g.,
HICLAW_FS_ACCESS_KEY,HICLAW_FS_SECRET_KEY). This follows standard practices for managed service authentication. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it downloads and instructs the agent to read data from external sources.
- Ingestion points: Files including configuration (
openclaw.json), personality definitions (SOUL.md), and task specifications (spec.md) are pulled from a remote MinIO bucket. - Boundary markers: None present; the agent is directed to directly read the content of synced files.
- Capability inventory: The skill can write to the filesystem, execute shell commands, and perform network operations via the MinIO client.
- Sanitization: There is no verification of the integrity or content of the downloaded files before the agent processes them.
Audit Metadata