benchmark-worker
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands via subprocess modules to interact with necessary local utilities such as
awp-wallet,curl,jq, and theopenclawagent CLI. These operations are required for the worker to sign transactions and process benchmark tasks. - [EXTERNAL_DOWNLOADS]: Fetches software updates from the official GitHub repository of the author (
awp-core). These downloads are part of a maintenance routine to ensure the worker script remains compatible with the protocol. - [REMOTE_CODE_EXECUTION]: Implements a self-update mechanism in the Python worker script that periodically checks for new versions on the vendor's GitHub repository. If an update is detected, it pulls the latest code and restarts the process using process replacement. This is a standard deployment pattern for autonomous background workers.
- [PROMPT_INJECTION]: The skill ingests external question data and optional prompts from the Benchmark API to be processed by a sub-agent. This represents an indirect prompt injection surface, but it is the primary intended function of the skill to act as a benchmark participant.
Audit Metadata