find-skills
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads binary archives and metadata from `lightmake.site` and Tencent Cloud Object Storage (`myqcloud.com`).
  - Evidence: `SKILLHUB_INSTALL_KIT_URL`, `SKILLHUB_SEARCH_URL`, and `SKILLHUB_PRIMARY_DOWNLOAD_URL_TEMPLATE` in `scripts/skillhub_tool.py`.
- [REMOTE_CODE_EXECUTION]: The `bootstrap` and `install` commands download zip/tar archives from the internet and extract them into the workspace or user home directory, effectively installing external executable scripts.
  - Evidence: `install_skill_archive` and `command_bootstrap` functions using `safe_extract_zip` and `safe_extract_tar` in `scripts/skillhub_tool.py`.
- [COMMAND_EXECUTION]: The script executes shell commands via the `subprocess` module to configure the local 'openclaw' environment, detect software versions, and manage a local gateway process.
  - Evidence: Calls to `subprocess.run` and `subprocess.Popen` in `configure_plugin`, `disable_plugin_if_present`, and `restart_gateway_if_needed`.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted metadata (skill names and summaries) from a remote API which are then presented to the agent.
  - Ingestion points: `fetch_search_results` in `scripts/skillhub_tool.py`.
  - Boundary markers: Absent in the prompt construction.
  - Capability inventory: Subprocess execution, file system modifications, and network requests are available via the skill's own tooling.
  - Sanitization: No sanitization is performed on the descriptive strings retrieved from the API before they are output to the agent.
Audit Metadata