abtesting
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits data to an external API endpoint (api.openclaw.ai). It also describes patterns for connecting to external databases using connection strings (e.g., postgres://user:pass@host/db), which involves the handling of sensitive database credentials.
- [COMMAND_EXECUTION]: The skill relies on the execution of a local CLI tool (abtest) to perform calculations and process configuration files.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks. It ingests untrusted data from experiment results and external configuration files (experiment.json). These inputs influence the logic of the skill, which possesses capabilities for network communication and database access. The skill lacks documentation regarding input sanitization or the use of boundary markers to isolate untrusted content.
- [EXTERNAL_DOWNLOADS]: The skill documentation references external software components, including the openclaw.abtesting Python library and the abtest CLI, which are not listed in the skill's formal dependency metadata.