openclaw-cost-optimization

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to fetch and execute the official installation script for Ollama (https://ollama.com/install.sh), which is a well-known service for local LLM execution.
  • [COMMAND_EXECUTION]: Contains shell commands used for system auditing and configuration verification, including checking file sizes with wc and parsing JSON files using python3 subprocesses.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from SOUL.md, USER.md, and IDENTITY.md (as described in the session startup and workspace trimming sections of SKILL.md). There are no boundary markers or sanitization mechanisms present to delimit this interpolated content. The skill possesses the capability to execute subprocesses (python3, wc) and perform network operations (curl), creating a path for potential exploitation if malicious instructions are embedded in the workspace files.
Recommendations
  • HIGH: Downloads and executes remote code from: https://ollama.com/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 2, 2026, 01:30 PM