coding-web
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructions and documentation for web development tasks. No executable code or malicious logic was found.
- [CREDENTIALS_UNSAFE]: The documentation follows secure practices by using environment variable placeholders (e.g., $OPENCLAW_API_KEY) for authentication, which avoids the risk of hardcoded secrets.
- [EXTERNAL_DOWNLOADS]: References to external resources involve standard package managers and legitimate tools, such as 'npm install express' and 'npm install openclaw-vscode'.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill accepts file inputs via the CLI (e.g., --file app.js) for debugging purposes.
  - Boundary markers: No specific boundary markers are mentioned in the usage examples.
  - Capability inventory: The skill is designed to generate boilerplate code and suggest fixes for JavaScript and TypeScript issues.
  - Sanitization: No explicit sanitization or input validation for processed code files is described.
  - Note: This reflects a typical attack surface for developer productivity tools and is documented neutrally as it is a core feature of the skill's intended purpose.
Audit Metadata