tool-description-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely within the local environment. It performs file read operations on
SKILL.mdfiles within its parent directory tree to extract descriptions and writes its analysis state to a predefined local path (~/.openclaw/skill-state/). - [DATA_EXPOSURE_&_EXFILTRATION]: No sensitive file access or network operations were detected. The script does not utilize libraries like
requestsorurllib, and does not invoke system tools likecurlorwget. No hardcoded credentials or secrets are present. - [REMOTE_CODE_EXECUTION]: The skill does not download or execute external code. It has no dependencies on remote scripts and does not use dangerous functions such as
eval(),exec(), orsubprocess.run(). - [OBFUSCATION]: The Python source code and metadata are clear and readable. No evidence of Base64 encoding, hex escaping, or hidden characters was found.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted data from other skill descriptions, it does not process this data through an LLM or use it to construct executable commands. The risk of injection affecting the agent's behavior is negligible as the data is only used for local scoring and display.
- Ingestion points: Reads
descriptionfields fromSKILL.mdfiles across the local skills directory. - Boundary markers: Not applicable, as the data is not interpolated into a prompt.
- Capability inventory: No network access, no shell execution, and no file-write operations outside of its own state directory.
- Sanitization: The script tokenizes and filters text for scoring purposes but does not perform specific sanitization for LLM safety, which is appropriate for its local-only use case.
Audit Metadata