nexus-caiwu-agent
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/fetch_data.py` contains an `install_package` function that executes `pip install` using `subprocess.run`. While currently used for a hardcoded list of dependencies, the mechanism allows for arbitrary command execution if the input is manipulated.
- [EXTERNAL_DOWNLOADS]: `scripts/baidu_skills_wrapper.py` includes a `_download_ai_ppt` method that fetches files from remote URLs provided by the `clawhub.ai` API. This pattern of downloading and saving remote binary files (PPTX) poses a risk if the source is compromised.
- [REMOTE_CODE_EXECUTION]: The `scripts/wrapper.py` script uses `sys.path.insert(0, project_path)` followed by dynamic imports. This allows the execution of arbitrary Python code from a user-controlled or environment-variable-defined directory path.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from `baidu-search` and `baidu-baike-search` via `scripts/baidu_skills_wrapper.py`. This data is subsequently used to build report outlines and PPT content without explicit sanitization or boundary markers to prevent embedded instructions from influencing the agent's behavior.
- [DATA_EXFILTRATION]: The skill sends corporate analysis data to `https://clawhub.ai/ide-rea/`, which is not a whitelisted or well-known service domain, representing a potential data exposure risk.
Audit Metadata