evaluate
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's automation instructions (LOOP-PROMPT.md and LOOP.md) command the agent to use flags like --dangerously-skip-permissions to suppress safety prompts and consent requirements.
- [REMOTE_CODE_EXECUTION]: The skill establishes a recurring automation loop (OPENCLAW-SETUP.md) that pulls code from a remote repository and executes it via a persistent cron job.
- [COMMAND_EXECUTION]: The self-improvement workflow executes multiple shell commands automatically, including repository cloning and package installation, within an environment where security constraints are disabled.
- [REMOTE_CODE_EXECUTION]: The evaluation engine (run.js) utilizes Playwright to render and execute arbitrary HTML content without sanitization, creating an attack surface for indirect injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill downloads dependencies from npm and content from vendor repositories on GitHub. Although the sources are within the vendor's scope, the automated and privileged execution context remains a security concern.
Recommendations
- AI detected serious security threats
Audit Metadata