soar
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill dynamically fetches workflow configurations (playbooks) and security enrichment data from external API endpoints at runtime.
- [COMMAND_EXECUTION]: Executes multi-step security playbooks capable of performing system-level actions such as isolating hosts or blocking network traffic.
- [DATA_EXFILTRATION]: Transmits the user's SOAR API key and incident metadata to api.openclaw.com, which is an external domain not recognized as a trusted organization or well-known service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources (SIEM alerts, threat intelligence feeds, and remote playbooks) to drive automated decision-making.
- Ingestion points: API responses from OpenClaw, enrichment data from third-party services like VirusTotal, and inbound events from integrated SIEM tools.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are documented for the processing of external data.
- Capability inventory: Possesses the ability to block IPs, isolate network hosts, and execute arbitrary logic defined in YAML playbooks.
- Sanitization: The skill description does not specify methods for validating or filtering the content of ingested security alerts or remote configurations.
Audit Metadata