arch-domain-driven

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the openclaw CLI to perform local filesystem operations, such as creating directories and generating code files.
  • [EXTERNAL_DOWNLOADS]: Recommends installing the openclaw Python package from a public registry, which is a dependency outside of the predefined trusted vendors list.
  • [DATA_EXFILTRATION]: Performs network requests to an external API endpoint (/api/v1/ddd/) via curl and Python code to transmit domain data.
  • [PROMPT_INJECTION]: Contains a vulnerability surface for indirect prompt injection where unvalidated user inputs are used to generate executable Python code.
      • Ingestion points: Command-line arguments and API fields such as --name, --properties, and --invariants (File: SKILL.md).
      • Boundary markers: None identified; input strings are directly interpolated into the file generation process.
      • Capability inventory: The tool creates directories and Python source files (.py) based on user input.
      • Sanitization: No evidence of input validation or content escaping to prevent malicious code injection into the generated output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 05:45 PM