jarvis-mission-control

Fail

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The configuration file ecosystem.config.cjs contains a hardcoded default password (ZionMatrix2026!) and a static agent token used for API authentication.
  • [COMMAND_EXECUTION]: The server implements an endpoint at /api/cli/run that allows for the execution of shell commands. While restricted to a whitelist (e.g., openclaw, df, free), this capability provides a bridge between the web interface and system-level operations.
  • [DATA_EXFILTRATION]: The ResourceManager class in server/resource-manager.js manages sensitive credentials but currently stores them in plaintext JSON files. The API allows retrieval of these values through the includeValue parameter, creating a high risk of sensitive data exposure if the service is compromised or an agent is manipulated. Furthermore, the file-serving route in server/index.js allows downloading any file from the data directory, including the plaintext credential files.
  • [EXTERNAL_DOWNLOADS]: Several utility scripts (check-updates.sh, update-mission-control.sh) fetch version information and download software updates from the developer's domain at missiondeck.ai. The system also synchronizes data with Supabase endpoints.
  • [PROMPT_INJECTION]: The skill exhibits a significant indirect prompt injection surface. The agent-bridge.js component monitors Telegram logs and automatically generates task cards from messages mentioning agents. These task descriptions are subsequently processed as instructions by the AI agents, potentially allowing external users to execute malicious instructions by injecting them into Telegram conversations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 5, 2026, 02:38 PM