jarvis-mission-control

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The resource management module (server/resource-manager.js) provides a 'Credentials Vault' designed to store API keys and secrets. However, the current implementation stores these sensitive values in plaintext JSON files within the .mission-control/credentials/ directory. Although code comments indicate encryption is intended for production, the current code exposes credentials to anyone with access to the local data directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated task creation features:
      • Ingestion points: server/telegram-bridge.js parses Telegram group messages for mentions, and server/agent-bridge.js parses OpenClaw session logs. Content from these untrusted sources is used to populate task titles and descriptions.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands when the agent processes tasks created from these sources.
      • Capability inventory: The system includes whitelisted command execution (/api/cli/run), file system write operations, and outgoing webhook notifications.
      • Sanitization: A basic sanitizeInput helper in server/index.js strips common injection symbols like backticks and pipes, but it does not mitigate logical prompt injection attacks.
  • [COMMAND_EXECUTION]: The server provides an API endpoint (/api/cli/run) that allows the dashboard to execute system commands like uptime, df, and free, as well as OpenClaw control commands. While restricted by a hardcoded whitelist, this creates a mechanism for system interaction that must be monitored.
  • [EXTERNAL_DOWNLOADS]: The scripts/update-mission-control.sh script downloads a code archive from missiondeck.ai and extracts it to update the system. This is a primary function of the skill but involves remote code retrieval.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 01:48 AM