Skills
skills/firecrawl/openclaw/oracle/Gen Agent Trust Hub

oracle

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata defines an installation path using the @steipete/oracle package from the npm registry.
  • [COMMAND_EXECUTION]: Multiple examples are provided for executing the oracle CLI, including usage of npx -y to run the package without interactive confirmation.
  • [DATA_EXFILTRATION]: The tool is designed to bundle local files and send them to external AI models via API or browser automation. The documentation explicitly includes safety warnings advising users to redact secrets, environment variables, and authentication tokens before use.
  • [PROMPT_INJECTION]: As the tool ingests local file content directly into LLM prompts via the --file argument, it represents a surface for indirect prompt injection. The skill does not define specific boundary markers for this untrusted data, although this is inherent to the tool's intended functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:42 PM