openclaw-docs-audit
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation in SKILL.md includes a command that downloads a script from a remote URL and pipes it directly to the bash shell (curl -fsSL https://openclaw.ai/install.sh | bash). This pattern allows for the execution of arbitrary remote code from an untrusted third-party domain without integrity verification.
- [PROMPT_INJECTION]: The skill is designed to audit external content, making it susceptible to indirect prompt injection where instructions hidden in the data could override agent behavior.
  - Ingestion points: The skill fetches release note bodies from GitHub using gh release view and scrapes external documentation from docs.openclaw.ai using WebFetch.
  - Boundary markers: There are no markers or instructions defined to delimit the external content or warn the agent to ignore embedded commands within the fetched data.
  - Capability inventory: The skill has the ability to execute shell commands via scripts/audit.sh and perform network operations.
  - Sanitization: No sanitization, escaping, or validation steps are performed on the external text before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://openclaw.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata