skills/cybercentry/cybercentry-agent-skills/cybercentry-openclaw-ai-agent-verification/Gen Agent Trust Hub
cybercentry-openclaw-ai-agent-verification
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a repository from
https://github.com/Virtual-Protocol/openclaw-acpand executenpm install. This source is not on the trusted vendors list, and installing external code from unverified repositories presents a security risk. - [DATA_EXFILTRATION]: The core functionality of the skill involves sending agent configurations to a remote service (associated with a Cybercentry wallet) via the
acp job createcommand. Although the skill provides clear guidance and examples for stripping secrets like API keys and database strings, the transmission of configuration metadata to an external entity remains a data exposure surface. - [COMMAND_EXECUTION]: The provided orchestration examples include bash scripts that execute shell commands such as
curl,jq, and theacpCLI tool to interact with remote services and process data. - [PROMPT_INJECTION]: The skill mentions detecting prompt injection as part of its audit service but does not contain injection patterns itself. However, it processes untrusted agent configuration data, which could be used as an indirect injection vector if the processing environment is not sufficiently isolated.
Audit Metadata