Skills
skills/hubblevision/hubble-data-service-skill/hk-kline/Gen Agent Trust Hub

hk-kline

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill exposes a hardcoded API key (123456) within the AUTH variable definition in the SKILL.md file, which is used for authentication in subsequent network requests.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests to a remote IP address (43.167.234.49) that does not belong to a well-known or trusted service provider. These requests are conducted over plaintext HTTP, increasing the risk of data interception or man-in-the-middle attacks.
  • [COMMAND_EXECUTION]: The skill provides instructions to execute shell commands, specifically using curl for data retrieval and a cp command in the metadata section to modify the local filesystem by copying skill files into the ~/.openclaw/skills/ directory.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 8, 2026, 02:51 PM