hiclaw-find-worker

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script hiclaw-find-worker.sh uses npx -y @nacos-group/cli to fetch and run a package from the NPM registry at runtime. Because no specific version is pinned, this executes remote code whose contents can change between runs, creating a potential security risk if the external package or the registry is compromised.
  • [COMMAND_EXECUTION]: The skill invokes local system commands, including the hiclaw CLI for worker management and npx for registry interaction. This grants the skill the ability to perform tasks on the host system such as applying new worker configurations.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it retrieves template summaries from a remote Nacos registry and instructs the agent to interpret this data for the user.
    • Ingestion points: scripts/hiclaw-find-worker.sh reads template lists and descriptions from the market.hiclaw.io registry.
    • Boundary markers: No specific delimiters or instructions are used in the workflow to prevent the agent from following commands that might be embedded in the retrieved template metadata.
    • Capability inventory: The skill allows for the installation of workers and execution of CLI tools with system access.
    • Sanitization: External content retrieved from the registry is not sanitized before being presented to the agent for interpretation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 08:12 AM