oracle

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata defines the installation of the @steipete/oracle package from the npm registry as a required dependency.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing the oracle command-line tool and using npx -y to run commands from the npm registry without manual confirmation.
  • [DATA_EXFILTRATION]: The documented tool is designed to transmit local file contents and prompts to external AI model providers (OpenAI, Gemini) or via browser automation.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting repository file content via glob patterns for processing by an LLM.
      • Ingestion points: Local files selected through --file arguments in the oracle CLI as described in SKILL.md.
      • Boundary markers: No specific boundary markers or instructions are provided to the model to ignore embedded instructions in the ingested file content.
      • Capability inventory: The oracle binary can read local files and perform network requests to external API endpoints or browser engines.
      • Sanitization: No explicit sanitization or validation of the file content is mentioned before it is sent to the external model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 09:12 PM