openclaw-wiki
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: CRITICAL
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Multiple installation and setup guides (e.g., "docs/start/getting-started.md", "docs/install/ansible.md") instruct users to execute remote shell scripts directly from "openclaw.ai" and GitHub repositories by piping them into "bash".
- [COMMAND_EXECUTION]: The documentation details the use of tools such as "exec" and "system.run" that enable arbitrary shell command execution on the gateway host or connected node devices.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading and installing various third-party CLI tools and packages from external sources (e.g., "imsg", "gog", "wacli").
- [PROMPT_INJECTION]: Various agent workspace templates, such as "docs/reference/templates/AGENTS.md", provide instructions that define and can potentially override AI agent behavior.
- [DATA_EXFILTRATION]: The project's own threat model ("docs/security/THREAT-MODEL-ATLAS.md") identifies risks including the theft of authentication tokens stored in plaintext and data exfiltration through tools like "web_fetch". The documentation also mentions sensitive file paths such as "~/.ssh/" and App Store Connect variables.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata