mobile
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides usage examples that employ
os.system()for executing CLI commands. The use ofos.system()with a single string argument is a dangerous practice that can be exploited for shell injection if input parameters like--app-pathare not strictly sanitized. - Evidence:
os.system('openclaw mobile validate --app-path ./myapp --store google')found in the Common Commands/API section. - [EXTERNAL_DOWNLOADS]: The skill documentation states that it can fetch data from 'unofficial scrapers' to provide guideline updates. This indicates a mechanism for downloading and processing content from unverified external sources, which may be controlled by malicious actors.
- Evidence: 'fetching Apple guidelines via unofficial scrapers (not recommended for production)' in the Key Capabilities section.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted external scrapers and possesses capabilities to execute subprocesses and make network requests. The documentation lacks mention of sanitization or boundary markers for this external data.
- Ingestion points: 'unofficial scrapers' referenced in SKILL.md.
- Boundary markers: None present.
- Capability inventory:
os.system,subprocess.run,requests.postin SKILL.md. - Sanitization: No sanitization or validation logic described in the documentation.
Audit Metadata