agentbox-bootstrap

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill identifies filesystem paths for sensitive root secrets, mnemonics, and private keys located at ~/.openclaw/agentbox/. While provided for administrative reference, these paths represent targets for potential data exposure if the agent is compromised.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to use sudo systemctl for managing Caddy and ttyd services, as well as jq for programmatic modification of the core environment configuration file ~/.openclaw/openclaw.json.
  • [EXTERNAL_DOWNLOADS]: The skill references a mechanism for updating its logic using npx skills add targeting the author's own repository (cascade-protocol/agentbox), which is a vendor-controlled resource.
  • [PROMPT_INJECTION]: The skill's configuration and payment workflow establishes an indirect injection surface. Ingestion points: ~/.openclaw/openclaw.json and tool-derived financial data. Boundary markers: None. Capability inventory: sudo service control, filesystem write access via jq, and npx remote execution. Sanitization: No explicit validation or escaping is defined within the provided bootstrap documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 07:03 PM