network-forensics
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions to use
sudo setcap cap_net_raw+epon the tool binary. This grants the application elevated privileges to perform raw network captures, allowing it to monitor all traffic on the system interface. - [EXTERNAL_DOWNLOADS]: The skill relies on the
scapyPython library for packet processing and manipulation, which is a third-party dependency installed via pip. - [PROMPT_INJECTION]: The skill processes untrusted network data from PCAP files and live interfaces, creating a surface for indirect prompt injection.
- Ingestion points: PCAP file analysis and live network interface monitoring.
- Boundary markers: None specified in the documentation.
- Capability inventory: Integration with network tools (tcpdump, Zeek) and external API communications.
- Sanitization: No explicit packet content filtering or validation is described.
- [DATA_EXFILTRATION]: The skill transmits captured network data to an external API at
api.openclaw.comfor analysis, which is part of its core functionality for traffic investigation.
Recommendations
- AI detected serious security threats
Audit Metadata