The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (CRITICAL): Multiple scripts, including scripts/patch-multiple.sh and scripts/patchmon-query.sh, utilize the source command on external configuration files and credential files. This allows any code contained within those files to execute with the full privileges of the user running the OpenClaw skill.\n- [REMOTE_CODE_EXECUTION] (CRITICAL): A high-risk indirect injection vulnerability exists in scripts/patchmon-query.sh.\n
Ingestion points: Data is ingested from the external PatchMon API in scripts/patchmon-query.sh.\n
Boundary markers: None. Data is written directly into a generated shell script using cat.\n
Capability inventory: The skill possesses significant capabilities, including ssh remote execution and sudo access.\n
Sanitization: None. Data extracted via jq is placed inside double-quoted shell arrays. A malicious hostname (e.g., $(whoami)") would terminate the string and execute arbitrary commands when the resulting file is later sourced.\n- [COMMAND_EXECUTION] (HIGH): The scripts scripts/patch-host-full.sh and scripts/patch-host-only.sh use eval to process the output of detect-os.sh. This pattern is highly susceptible to command injection if a target host's /etc/os-release or the distribution logic is manipulated.\n- [EXTERNAL_DOWNLOADS] (HIGH): The documentation (references/patchmon-setup.md) promotes the dangerous 'curl | sudo bash' pattern for installing agents, which provides no integrity checks and allows for immediate RCE if the remote source is compromised.\n- [CREDENTIALS_UNSAFE] (MEDIUM): The skill stores PatchMon API credentials in plaintext in ~/.patchmon-credentials.conf. Additionally, scripts/patchmon-query.sh uses curl -k, which bypasses SSL certificate verification and exposes these credentials to interception via Man-in-the-Middle (MITM) attacks.

linux-patcher