hiclaw-test
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Clones the HiClaw source code from Alibaba's official GitHub repository. This is the primary intended function of the skill for testing purposes.
- [COMMAND_EXECUTION]: Executes standard system and container commands including git, make, docker logs, and docker exec to manage the testing lifecycle.
- [REMOTE_CODE_EXECUTION]: Runs scripts and binaries contained within the cloned repository, such as run-all-tests.sh and export-debug-log.py. These are executed in the context of project testing.
- [DATA_EXFILTRATION]: Instructions guide the user to store sensitive environment variables (API keys and tokens) in a local configuration file, ~/hiclaw-manager.env. This is a standard security practice for managing secrets in local development environments.
- [INDIRECT_PROMPT_INJECTION]: The hiclaw-debug.sh script parses Matrix message logs from workers. While these are external inputs, the script only performs pattern matching and logging for diagnostic purposes without executing the content of the messages.
Audit Metadata