openclaw-ops
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
openclawCLI and system utilities such aslaunchctlto manage service lifecycles, install system-level services, and modify configuration parameters. These commands operate directly on the host environment to perform administrative tasks. - [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by design, as it instructs the agent to retrieve and analyze external data from channel logs and messages.
- Ingestion points: Untrusted content is ingested into the agent's context through the
openclaw logsandopenclaw message readcommands. - Boundary markers: No explicit delimiters or instructions to disregard instructions within the ingested data were identified in the skill's directives.
- Capability inventory: The agent has broad execution capabilities, including service management, configuration editing, and the ability to send messages across integrated communication channels.
- Sanitization: The provided files do not describe any mechanisms for sanitizing or validating the contents of retrieved logs or messages prior to processing.
Audit Metadata