cs-ml
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill sends model evaluation requests to an external API endpoint (https://api.openclaw.com/cs-ml/evaluate). This involves transmitting local model paths and performance metrics to a remote service as part of its core evaluation functionality.\n- [COMMAND_EXECUTION]: The skill automates the generation and execution of Python scripts for machine learning tasks, using libraries such as TensorFlow and Transformers based on user parameters provided via CLI or API. This behavior is inherent to the skill's purpose but involves dynamic code creation and execution.\n- [PROMPT_INJECTION]: The skill processes external data sources (e.g., image paths, text-based JSON datasets) which creates an indirect prompt injection surface. A malicious dataset could potentially contain instructions aimed at influencing the behavior of the agent during the training or evaluation process. \n
- Ingestion points: Dataset paths and evaluation data provided via CLI and API. \n
- Boundary markers: No delimiters or safety warnings for ignoring embedded instructions in ingested data are present in the documented patterns. \n
- Capability inventory: Generates and executes scripts that perform file system access and training loops. \n
- Sanitization: No explicit content validation or sanitization for the processed data is mentioned.
Audit Metadata