openclaw-admin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly manages and provides instructions for retrieving sensitive data such as `gateway.auth.token` and `models.<provider>.apiKey` via the `openclaw config get` command as documented in `references/config-paths.md`.
- [COMMAND_EXECUTION] (HIGH): The skill is granted `Bash(openclaw *)` permissions, allowing it to execute powerful administrative subcommands including `doctor --fix` and `security audit --fix` which modify system state and file permissions (chmod).
- [DATA_EXFILTRATION] (HIGH): The ability to retrieve configuration values poses a critical risk. If an attacker can influence the agent's input, they could trick it into executing `openclaw config get gateway.auth.token` and revealing the secret in the output.
- [PROMPT_INJECTION] (HIGH): This finding identifies a high vulnerability surface for Indirect Prompt Injection.
  - Ingestion points: The skill processes untrusted user input via the `<what to fix or configure>` argument to determine which administrative actions to take.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the user input.
  - Capability inventory: The skill has the capability to modify global system configurations, change file permissions, and restart services.
  - Sanitization: Absent. The skill relies on the agent's interpretation of the user's natural language request to select and execute bash commands.
Recommendations
- AI detected serious security threats