openclaw-ai-agent-verification
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct users to download and install a CLI tool from an external repository (github.com/Virtual-Protocol/openclaw-acp) associated with the Cybercentry platform.\n- [COMMAND_EXECUTION]: The skill workflow depends on the execution of shell commands using the 'acp' tool to manage security audit jobs and monitor their status.\n- [PROMPT_INJECTION]: The skill ingests external data for auditing, creating an indirect prompt injection surface.\n
- Ingestion points: Untrusted data is provided to the skill through the 'config', 'skills', and 'message' parameters as described in the requirements schema in SKILL.md.\n
- Boundary markers: No delimiters or instructions to ignore embedded malicious content are specified in the documentation to protect the agent from processed data.\n
- Capability inventory: The skill uses the 'acp' CLI tool to perform network-based operations and execute commands related to job management.\n
- Sanitization: There is no documented validation or sanitization of the configurations or messages before they are processed by the tool.
Audit Metadata