installer-auditor
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to discover and execute arbitrary CLI commands found on the system to validate functionality, including running help commands and real-world usage scenarios.
- [COMMAND_EXECUTION]: The 'Self-Heal' logic allows the agent to perform active modifications such as 'clean reinstalls' and fixing file 'path/permission' (e.g., chmod operations) within the user's environment (~/.openclaw).
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and acting upon data from external sources, including other skill files (SKILL.md) and system configuration files, without explicit sanitization or boundary markers.
- [PROMPT_INJECTION]: Mandatory Evidence Chain: 1. Ingestion points: Reads SKILL.md files, openclaw.json, and workspace files. 2. Boundary markers: None identified in the provided instructions. 3. Capability inventory: Can execute CLI commands, spawn agent sessions (sessions_spawn), and write to memory/learning logs. 4. Sanitization: No evidence of input validation or command escaping before execution.
Audit Metadata