Skills
skills/g3niusyukki/xianyu-openclaw/xianyu_metrics/Gen Agent Trust Hub

xianyu_metrics

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute Python commands (python -m src.cli) within a fixed directory path (/home/node/.openclaw/workspace) to generate dashboards, daily reports, and data exports.
  • [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection as the skill processes external data from the Xianyu platform.
  • Ingestion points: The skill retrieves store data, product details, and customer inquiries via src.cli.
  • Boundary markers: None explicitly defined; the agent is tasked with formatting the tool's JSON output into human-readable tables.
  • Capability inventory: The agent has access to the bash tool for command execution.
  • Sanitization: No specific filtering or instructions to ignore embedded commands in the source data are provided.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 03:30 AM