infographic
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill retrieves a Telegram bot token by reading a local configuration file at `~/.openclaw/openclaw.json` within the `scripts/send_telegram.sh` script.
- [COMMAND_EXECUTION]: The skill executes multiple local scripts (`screenshot.js`, `send_telegram.sh`) and uses `node -e` for inline JavaScript execution. It also dynamically searches for and requires the `playwright` module from the user's `~/.npm/_npx` directory, which constitutes dynamic module loading from a user-writable path.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing the Playwright library and Chromium browser, which are external dependencies hosted on public registries.
- [DATA_EXFILTRATION]: The `scripts/send_telegram.sh` script transmits the generated infographic and user-provided captions to the Telegram API (api.telegram.org). While this is a documented feature, it represents an automated transfer of local data to an external service using local credentials.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external content and embeds it into HTML without explicit sanitization.
  - Ingestion points: Articles and tweets processed by the agent in `SKILL.md`.
  - Boundary markers: Absent; the content is placed directly into the HTML structure.
  - Capability inventory: File system access, script execution, and network communication via the included Node.js and Bash scripts.
  - Sanitization: No evidence of content sanitization or escaping is provided in the skill instructions, potentially allowing the execution of scripts within the rendering environment.
Audit Metadata