openclaw-droidclaw-bridge

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (HIGH): The script scripts/droidclaw_service.sh clones and executes code from an untrusted GitHub repository (https://github.com/unitedbyai/droidclaw.git). This pattern allows for arbitrary remote code execution because the source is not a trusted organization according to policy. Evidence: REPO_URL defaults to the untrusted git URL and is followed by bun install and bun run.
  • COMMAND_EXECUTION (MEDIUM): The skill uses shell scripts to manage background processes and execute system commands like nohup, kill, and lsof. This allows the agent to manage local services but carries risks associated with process manipulation.
  • CREDENTIALS_UNSAFE (MEDIUM): Sensitive credentials such as DROIDCLAW_INTERNAL_SECRET and DROIDCLAW_USER_ID are managed via environment variables and transmitted in HTTP headers. If the DROIDCLAW_BASE_URL environment variable is manipulated or intercepted, these credentials could be exposed to a malicious host.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill accepts natural language goals for Android device automation, creating an attack surface for indirect injection.
      1. Ingestion points: The run-goal command in scripts/droidclaw_ctl.py.
      2. Boundary markers: None identified; the user-provided goal text is interpolated into API requests.
      3. Capability inventory: UI automation, app interaction, and data capture on connected Android devices.
      4. Sanitization: No evidence of sanitization or validation of the goal text before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 23, 2026, 04:39 AM