tool-openclaw

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): Documentation within the skill (e.g., 'references/docs/install/ansible.md' and 'references/docs/start/getting-started.md') explicitly instructs users to execute remote scripts using the insecure 'curl | bash' and 'iwr | iex' patterns from untrusted domains. While these are presented as official installers for the tool, they represent a critical remote code execution vector. Severity lowered from CRITICAL to HIGH per the primary skill purpose rule.
  • EXTERNAL_DOWNLOADS (HIGH): The skill facilitates the download and execution of binary installers and third-party skills from external repositories. The 'scripts/search-skills.sh' script fetches a catalog from a non-whitelisted GitHub repository ('VoltAgent/awesome-clawdbot-skills').
  • COMMAND_EXECUTION (MEDIUM): Multiple scripts in 'scripts/autoupdate/' are designed to modify the host system's configuration by installing background persistence mechanisms, including Cron jobs, Systemd user units, macOS LaunchAgents, and Windows Scheduled Tasks. Severity lowered from HIGH to MEDIUM per the primary skill purpose rule.
  • DATA_EXFILTRATION (MEDIUM): The operational scripts 'scripts/ops/backup_state.sh' and 'scripts/ops/diag_bundle.sh' perform recursive reads of the '.openclaw' state directory, which is documented to contain sensitive OAuth tokens, API keys, and session transcripts. While intended for local backups or manual diagnostic sharing, and despite using a basic redaction filter in the diagnostic script, this remains a significant data exposure risk. Severity lowered from HIGH to MEDIUM per the primary skill purpose rule.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 01:28 PM