skill-finder-cn

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a dedicated CLI tool (clawhub) to perform search, inspection, and installation of other skills. This includes a shell script wrapper in scripts/search.sh.
  • [EXTERNAL_DOWNLOADS]: The clawhub install command retrieves and installs third-party code from the ClawHub registry to the local system.
  • [PROMPT_INJECTION]: The skill represents an indirect injection surface because it retrieves and displays content from an external registry that is processed by the agent.
      • Ingestion points: Registry data fetched via clawhub search and clawhub inspect as described in SKILL.md and scripts/search.sh.
      • Boundary markers: No explicit delimiters or instructions are used to separate search results from the agent's core instructions.
      • Capability inventory: The skill has the capability to write to the filesystem and register new executable commands through the clawhub install process.
      • Sanitization: The skill does not perform sanitization or validation of the text returned from the ClawHub registry.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 07:05 AM