mission-control
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]\n
- The installation documentation suggests running a script via
curl -fsSL https://raw.githubusercontent.com/builderz-labs/mission-control/main/install.sh | bash. This fetches the official installer from the vendor's repository and is part of the standard deployment process.\n - Suspicious strings detected by automated scanners (such as
evil.com) are part of the security test suite insrc/lib/__tests__/injection-guard.test.ts. These patterns are used to verify the effectiveness of the project's own injection protection filters and are not malicious payloads.\n- [COMMAND_EXECUTION]\n - The application uses
child_process.spawnwithinsrc/lib/command.tsto interact with theopenclawandclawdbotCLI tools. This behavior is a core requirement for the dashboard's functionality in orchestrating AI agents.\n- [EXTERNAL_DOWNLOADS]\n - Deployment and maintenance scripts (e.g.,
scripts/deploy-standalone.sh) performgit fetchandpnpm installoperations to pull software updates and dependencies from well-known official registries like npmjs.org.\n- [PROMPT_INJECTION]\n - The skill implements a robust defensive layer in
src/lib/injection-guard.tsthat uses regular expressions to detect and block prompt injection, command injection, and data exfiltration attempts in user-provided content.
Audit Metadata