vector-db
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [NO_CODE]: The skill does not bundle executable scripts or binaries, consisting entirely of Markdown instructions and code snippets for the agent to follow.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute a local CLI tool named `vector-db` to perform index operations and data insertion.
- [DATA_EXFILTRATION]: The skill sends vector data and metadata to an external, non-whitelisted API endpoint at `api.openclaw.com`.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it handles untrusted external data.
  - Ingestion points: Data enters the context via the `vectors` and `metadata` parameters in both CLI commands and API requests.
  - Boundary markers: The skill relies on JSON structural formatting to separate data from instructions but lacks explicit guardrail prompts to ignore embedded instructions within the metadata.
  - Capability inventory: The skill utilizes `requests` for network communication and subprocess execution for CLI operations.
  - Sanitization: While the documentation suggests validating inputs, there is no evidence of specific sanitization or filtering logic to prevent malicious payloads in the metadata from influencing the agent's logic.