proactive-agent
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is explicitly designed to execute arbitrary shell commands (e.g., 'systemctl restart service') autonomously based on configured rules. This allows for the execution of system-level operations without real-time user verification.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface. It monitors external environment data, such as CPU metrics, file properties, and API responses, to trigger actions. An attacker who can influence these monitored conditions might be able to trigger unintended system commands or network requests.
- Ingestion points: System metrics (CPU, memory), file system properties (file size), and external API/webhook responses.
- Boundary markers: None specified in the documentation or configuration examples.
- Capability inventory: Execution of system commands ('exec') and outbound network requests ('fetch', 'curl', webhooks).
- Sanitization: No evidence of input validation or command escaping for interpolated data.
- [EXTERNAL_DOWNLOADS]: The skill communicates with 'api.openclaw.com' for coordination and supports user-defined webhooks. These network operations are part of the core functionality but involve outbound traffic to vendor and potentially third-party infrastructures.
Audit Metadata