unclawg-respond

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/uc_respond wrapper script executes external binaries. It searches for and executes a binary named ccurl from various system paths and environment variables (e.g., /home/openclaw/.openclaw/bin/ccurl or OPENCLAW_CCURL).
  • [COMMAND_EXECUTION]: The script supports executing arbitrary commands defined in the OPENCLAW_SOCIAL_REWRITE_CMD environment variable. It passes a JSON payload containing untrusted data (user feedback) to this command's standard input.
  • [DATA_EXFILTRATION]: The skill retrieves sensitive credentials, including OPENCLAW_API_KEY and OPENCLAW_MACHINE_SECRET, from various .env files and environment variables, transmitting them as headers to the remote API specified by OPENCLAW_API_URL.
  • [PROMPT_INJECTION]: The skill processes untrusted human feedback from an external API and interpolates it into a "rewrite brief" for a model, creating a surface for indirect prompt injection.
      • Ingestion points: Feedback messages are fetched from the /v0/approval-requests/{approval_id}/messages endpoint by scripts/uc_respond.
      • Boundary markers: The prompt construction in _build_social_rewrite_context_dump uses markers like <<LATEST_FEEDBACK>> to delimit content.
      • Capability inventory: The skill can perform network writes to the API and execute local shell commands via the rewrite and networking wrappers.
      • Sanitization: No sanitization or filtering is applied to the feedback content before it is interpolated into the prompt brief.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 02:39 PM