shader-programming

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing external binaries such as glslangValidator and fxc through a --subprocess flag and Python's subprocess.run function. This design allows arbitrary shell commands to be executed if the inputs are not strictly validated.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to communicate with an external API at https://api.openclaw.com/api/shader/generate. This involves transmitting data to a remote service and receiving generated code, which is a standard part of the vendor's provided functionality.
  • [CREDENTIALS_UNSAFE]: The documentation references the use of an OPENCLAW_API_KEY environment variable for authenticated API requests. While no actual credentials are hardcoded in the skill, it establishes a pattern for handling sensitive tokens that could be targeted in a compromised environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:44 PM