openclaw-admin
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates administrative tasks through the
openclawCLI, enabling the management of cluster gateways and agent lifecycle operations.\n- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection via the processing of external configuration files.\n - Ingestion points: The
openclaw config patch --filecommand reads data from external JSON files (SKILL.md).\n - Boundary markers: No specific delimiters or instructions are provided to the agent to treat file-based content as untrusted or to ignore instructions embedded within the patches.\n
- Capability inventory: The skill can execute local system commands and perform network operations.\n
- Sanitization: No logic is documented for validating or sanitizing the content of the configuration files before they are processed by the CLI tool.\n- [EXTERNAL_DOWNLOADS]: The
openclaw gateway updatecommand allows for fetching and installing specific versions of the gateway software from vendor repositories.\n- [DATA_EXFILTRATION]: The skill usescurlto make network requests toapi.openclaw.comfor gateway management and status checks.\n- [CREDENTIALS_UNSAFE]: The documentation describes the use of theOPENCLAW_API_KEYenvironment variable for authentication and provides standard placeholder examples for its configuration.
Audit Metadata