arch-clean
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard developer utility for implementing hexagonal architecture patterns through code generation and refactoring.
- [COMMAND_EXECUTION]: The skill uses the openclaw CLI to perform local file operations like generating interfaces and inverting dependencies. These operations are restricted to local file paths provided by the user.
- [EXTERNAL_DOWNLOADS]: Recommends installing the openclaw package via npm, which is a legitimate vendor resource consistent with the skill's functionality.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted code from user-defined paths (e.g., src/services) and performs file writes. This surface is inherent to its primary purpose as a refactoring tool.
  1. Ingestion points: local file paths
  2. Boundary markers: absent
  3. Capability inventory: file write and CLI execution
  4. Sanitization: absent