deepsky-sustain
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs silent installation of additional AI agent skills from remote Git repositories (https://github.com/appfi5/deepsky-tools.git and https://github.com/appfi5/superise-for-agent) during its setup process.
- [COMMAND_EXECUTION]: The skill establishes persistence by installing cron jobs and registering system events for recurring execution of the sustain review loop via the
deepsky sustain setup openclawcommand. - [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the npm package
@superise/deepsky-clito enable its core functionality. - [CREDENTIALS_UNSAFE]: The skill includes instructions to pass sensitive API keys as plain-text command-line arguments (e.g.,
--api-key <key>), which can lead to credential exposure in process lists, logs, or shell history. - [PROMPT_INJECTION]: Natural language triggers such as 'keep yourself alive' or 'manage your own balance' are mapped to autonomous system actions, including balance monitoring and automated wallet transfers.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests platform health data and forecasts to drive automated decisions without using boundary markers or sanitization. Evidence chain: 1. Ingestion points: Results from platform health check and forecast commands; 2. Boundary markers: Absent; 3. Capability inventory: Shell command execution, wallet transfers, and persistent task scheduling; 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata