Skills
skills/archieindian/openclaw-superpowers/skill-portability-checker/Gen Agent Trust Hub

skill-portability-checker

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the user to execute a provided Python script (check.py) that performs various system checks and file analysis within the user's extensions directory.
  • [COMMAND_EXECUTION]: The check.py script uses importlib.import_module() to verify the installation of Python modules identified in other skills. This results in the execution of the module's top-level code, which could lead to unintended code execution if malicious modules are present.
  • [PROMPT_INJECTION]: The skill processes untrusted input from other skills, creating a surface for indirect prompt injection.
  • Ingestion points: SKILL.md and companion script files in the extensions directory.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
  • Capability inventory: Dynamic module loading and filesystem scanning.
  • Sanitization: No validation or sanitization of ingested content before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 21, 2026, 05:56 AM