openclaw-local-mac-mini
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill instructs the user to use administrative privileges to register system services.
- Evidence:
sudo launchctl load -w /Library/LaunchDaemons/com.openclaw.service.plistin SKILL.md. - [Persistence Mechanisms] (HIGH): The skill configures a
launchddaemon to ensure the agent persists across system reboots. - Evidence: Instruction to create and load a service plist in
/Library/LaunchDaemons/. - [Unverifiable Dependencies] (MEDIUM): The skill clones code from a GitHub repository (
openclaw/openclaw) that is not in the trusted source list. - Evidence:
git clone https://github.com/openclaw/openclaw.gitin SKILL.md. - [Indirect Prompt Injection] (LOW): The resulting agent deployment creates a surface for indirect prompt injection attacks.
- Ingestion points: OpenClaw local UI/API.
- Boundary markers: Absent from the setup documentation.
- Capability inventory: General agent workflows (implied system access).
- Sanitization: No sanitization or validation steps are provided for incoming data.
Audit Metadata