dms-data-agent
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The CLI uses `subprocess.Popen` in `cli/worker_utils.py` to spawn background worker processes by re-executing its own script. This design is explicitly intended to handle long-running analysis tasks in the background without blocking the user interaction loop.
- [COMMAND_EXECUTION]: In `cli/notify.py`, the skill executes standard system utilities (`which`) and platform-specific CLI tools (`openclaw`, `clawdbot`) to detect and interact with the host environment for sending user notifications.
- [DATA_EXFILTRATION]: The skill contains a notification feature in `cli/notify.py` that can send session progress updates to an external endpoint defined by the `ASYNC_TASK_PUSH_URL` environment variable. This egress point is designed for platform integration and is gated by user-configured environment variables.
- [EXTERNAL_DOWNLOADS]: The `data_agent/file_manager.py` module supports downloading generated reports and data artifacts from Alibaba Cloud OSS URLs provided by the backend service during the analysis process.
- [SAFE]: The skill demonstrates best practices for credential management by instructing users to use environment variables or protected configuration files (`.env`, `openclaw.json`) rather than hardcoding sensitive information.