clawdbot-setup

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The instructions require installing global packages from unverified sources, including clawdbot via npm, composio via pip, and gogcli via a personal Homebrew tap. None of these are in the Trusted Sources list.
  • COMMAND_EXECUTION (HIGH): The command clawdbot onboard --install-daemon --non-interactive --accept-risk installs the agent as a background service (LaunchAgent or systemd). This creates persistence on the host machine and explicitly requires bypassing safety warnings with the --accept-risk flag.
  • REMOTE_CODE_EXECUTION (HIGH): By installing unverified CLI tools that then install background services and browser extensions, the skill establishes a chain that allows for full remote control of the host system.
  • CREDENTIALS_UNSAFE (MEDIUM): The setup process involves entering multiple high-value API keys (Gemini, Claude, Composio, Telegram) into a CLI that stores them in a local JSON configuration file (~/.clawdbot/clawdbot.json).
  • INDIRECT PROMPT INJECTION (HIGH): While not explicitly a category in the enum, the skill configures the agent to process untrusted data from Telegram and Gmail while possessing the capability to send emails and execute commands, creating a massive attack surface for indirect injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:06 AM