macos-launchd

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes high-privilege commands using sudo launchctl to manage system-wide services in /Library/LaunchDaemons and establish system persistence.
  • [COMMAND_EXECUTION]: Utilizes osascript to programmatically control user login items and executes an external binary (openclaw-gateway) as a persistent background process.
  • [CREDENTIALS_UNSAFE]: Provides instructions to store sensitive API keys (OPENCLAW_API_KEY) in plaintext within XML configuration (plist) files on the local filesystem.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by generating system-level configuration files from user-supplied data.
      • Ingestion points: Programmatic creation of .plist files from user-provided arguments.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are implemented to separate user data from service logic.
      • Capability inventory: Full access to launchctl, sudo, and osascript for service lifecycle management and persistence.
      • Sanitization: Uses plutil -lint for syntax validation but lacks content-level sanitization to prevent malicious instruction injection into service parameters.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:44 PM