worker-management

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts to perform administrative tasks, including Matrix account registration, room creation, and container orchestration.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive worker data, including the generation of storage passwords. The documentation explicitly instructs the agent to display these credentials in plain text in the chat interface to facilitate remote worker installation. The skill also accesses configuration files located at /data/hiclaw-secrets.env and /data/worker-creds/, which is standard for the platform's credential management.
  • [EXTERNAL_DOWNLOADS]: The scripts fetch the copaw-worker package from the Alibaba Cloud PyPI mirror during worker setup and for remote installation commands.
  • [PROMPT_INJECTION]: Indirect prompt injection attack surface evaluation.
      • Ingestion points: Worker role descriptions provided by the user and skill metadata read from ~/worker-skills/.
      • Boundary markers: None present in the SOUL.md or openclaw.json templates.
      • Capability inventory: Execution of shell scripts, system file access, container API interaction, and network operations via curl.
      • Sanitization: Sanitization is limited to regex validation of worker names; role descriptions are not sanitized for embedded instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 08:12 AM