anygen
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive credentials (app_id and app_secret) from a local configuration file at ~/.openclaw/openclaw.json for integration with the Feishu platform.
- [DATA_EXFILTRATION]: The harvested credentials are transmitted to https://open.feishu.cn via curl to obtain access tokens. Although Feishu is a well-known service, the extraction of secrets from local storage and their subsequent network transmission represents a security concern.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user input into its content generation workflow without protective boundaries.
- Ingestion points: User messages are ingested during the anygen task prepare step in SKILL.md.
- Boundary markers: No delimiters or safety instructions are present to prevent the agent from following instructions embedded within the user input.
- Capability inventory: The skill possesses significant capabilities including content task creation (anygen task create), file system access (cat), and network communication (curl).
- Sanitization: Input from user messages is not escaped or validated before being used to generate task prompts.
- [COMMAND_EXECUTION]: The workflow relies on the execution of multiple shell-based operations, including the anygen CLI tool, curl for file transfers, and jq for parsing sensitive configuration data.
Audit Metadata