Skills
skills/gupsammy/claudest/claw-advisor/Gen Agent Trust Hub

claw-advisor

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the clawdocs and openclaw binaries via the Bash tool. These executions are constrained by tool-call prefixes and are used strictly for documentation retrieval and system health diagnostics.
  • [DATA_EXFILTRATION]: The agent can access OpenClaw configuration settings using the openclaw config get command. While this is used for the primary purpose of troubleshooting and setup advice, it grants the agent visibility into the application's configuration state.
  • [PROMPT_INJECTION]: The skill incorporates a surface for indirect prompt injection by fetching content from documentation (clawdocs) and external web sources (WebSearch).
  • Ingestion points: SKILL.md (via WebSearch and clawdocs commands)
  • Boundary markers: Not explicitly defined for external content
  • Capability inventory: SKILL.md (Bash, Task, WebSearch tools)
  • Sanitization: No specific filtering or sanitization of external content is described before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:40 PM