log-analysis
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill documentation describes reading sensitive system log files and transmitting the data to an external API.
  - Evidence: The skill references accessing /var/log/syslog and /var/log/auth.log, which contain sensitive system and authentication events.
  - Evidence: Examples show sending log data to https://api.openclaw.com/api/v1/logs/analyze, an external domain not associated with the author or trusted vendors.
- [EXTERNAL_DOWNLOADS]: Usage examples demonstrate fetching data from arbitrary remote URLs.
  - Evidence: A usage example shows the command logs=$(curl http://server/logs.txt), which downloads content from a remote server to be processed by the agent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted log data that could contain malicious instructions.
  - Ingestion points: The skill ingests data from local log files (/var/log/syslog, /var/log/auth.log) and remote streams.
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are specified in the prompt/skill description.
  - Capability inventory: The skill can perform network operations via curl and execute the log-analysis CLI tool.
  - Sanitization: No mention of log sanitization, filtering of control characters, or instruction stripping is provided.