alicloud-platform-openclaw-setup-test
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill directs the agent to read `~/.openclaw/openclaw.json`, a configuration file that contains sensitive credentials such as Discord bot tokens and DashScope API keys. Accessing files with credentials poses a high risk of exposure.
- [COMMAND_EXECUTION]: The skill runs local commands (`openclaw --version`, `openclaw plugins list`, `openclaw doctor`, and `openclaw gateway status`) to verify installation. Executing system commands provides a vector for exploitation if the tool is compromised.
- [EXTERNAL_DOWNLOADS]: The skill references an external URL (`https://docs.openclaw.ai/channels/index`) to verify tool configuration.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting output from external commands.
  - Ingestion points: Output from `openclaw doctor` and `openclaw gateway status` (SKILL.md).
  - Boundary markers: Absent; there are no instructions to disregard potential instructions in the tool output.
  - Capability inventory: File system access to credentials and CLI command execution (SKILL.md).
  - Sanitization: Absent; no escaping or validation of command output is performed.
Recommendations
- AI detected serious security threats
Audit Metadata