runninghub

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: HIGH
DATA_EXFILTRATION · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The core scripts runninghub.py and runninghub_app.py include logic in the resolve_media and upload_file functions that reads local files from paths provided as arguments and uploads them to https://www.runninghub.cn. An attacker could exploit this by tricking the agent into 'processing' sensitive system files (e.g., .env, ~/.ssh/id_rsa), resulting in the exfiltration of private data to an external API.
  • [COMMAND_EXECUTION]: The skill uses Python's subprocess.run to execute curl commands for network interactions. While these calls use argument lists to mitigate direct shell injection, they execute external processes based on user-supplied parameters mediated by the agent, representing a significant capability surface.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user prompts and file paths without isolation or validation.
  • Ingestion points: User prompts in SKILL.md and file paths provided to the --image, --video, and --audio script arguments.
  • Boundary markers: No delimiters or isolation markers are used to distinguish instructions from untrusted data.
  • Capability inventory: Shell command execution (via curl), arbitrary file reading (via media upload), and binary file modification (via the fix_mov_to_mp4 function).
  • Sanitization: No input sanitization, path validation, or instruction filtering is performed on data before it is passed to sensitive system functions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 2, 2026, 03:38 PM