openclaw-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Remote Code Execution (HIGH): The skill uses the highly insecure 'curl | bash' pattern to execute remote scripts. This allows an attacker who controls the remote server to execute arbitrary commands on the system. URLs detected include https://openclaw.ai/install.sh, https://deb.nodesource.com/setup_22.x, and https://rpm.nodesource.com/setup_22.x.
- External Downloads (MEDIUM): The skill downloads and executes scripts from domains that are not part of the 'Trusted External Sources' whitelist. While NodeSource is a common provider, openclaw.ai is an unknown third-party domain, which significantly increases the risk of a supply-chain attack or malicious payload execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://deb.nodesource.com/setup_22.x, https://rpm.nodesource.com/setup_22.x, https://openclaw.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata