find-skills

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and install third-party skills from arbitrary GitHub repositories using npx skills add <owner/repo@skill-name>. This allows for the installation and subsequent execution of unvetted code within the agent's workspace.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to create temporary directories, copy files into system-level paths (e.g., /root/.openclaw/skills/), and manage local skill configurations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It instructs the agent to research top results by fetching and reading their SKILL.md files. Maliciously crafted instructions within these files could manipulate the agent during the research or comparison phases.
      • Ingestion points: Content of SKILL.md files from third-party repositories identified during the search process.
      • Boundary markers: Absent; there are no instructions to use delimiters or to disregard embedded commands in the external data.
      • Capability inventory: The agent has access to shell command execution (npx, cp, rm, mkdir, openclaw) and network operations to fetch external content.
      • Sanitization: None; the skill does not specify any sanitization or validation logic for external content before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill relies on fetching data and executable packages from the skills.sh ecosystem and various GitHub repositories which are not verified by the skill author.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 3, 2026, 05:21 AM