command-center

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes system utilities (such as uptime, df, top, mpstat, and iostat) and the openclaw CLI to collect metrics and manage agent sessions. Most commands are restricted via a dedicated allowlist in src/actions.js and use safe execution wrappers that avoid shell injection.
  • [COMMAND_EXECUTION]: The skill requests elevated privileges via sudo in two places: in src/vitals.js, to access hardware sensors (powermetrics) on Apple Silicon, and in installation scripts, for system-level dependencies.
  • [REMOTE_CODE_EXECUTION]: The skill uses dynamic imports in src/jobs.js to load job logic from a path determined by the workspace configuration (CONFIG.paths.jobs), which could allow arbitrary code execution if the jobs directory is compromised.
  • [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill analyzes untrusted agent transcripts from the workspace to generate session summaries and detect topics. While the frontend escapes HTML for display, the analysis logic lacks boundary markers or explicit instructions to ignore malicious content embedded within transcripts.
  • [DATA_EXFILTRATION]: The skill includes a Linear integration (scripts/linear-sync.js) that transmits session metadata to api.linear.app. This is a documented feature requiring a user-provided API key.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 04:06 PM