installer-tester
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several shell commands including
which,grep,mcporter, andopenclawduring Phase 1 to inspect the local environment, check existing software versions, and query the configuration file~/.openclaw/workspace/TOOLS.md. - [EXTERNAL_DOWNLOADS]: Phase 2 involves the use of established package managers such as Homebrew, npm, and pip to download and install external software. While these are well-known services, this capability allows the agent to pull and execute third-party code based on user input or external links.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in Phase 0 and Phase 1, where it ingests untrusted data from external tool documentation and local session history/logs. This data could contain malicious instructions designed to bypass the 'Phase 1' decision logic or trick the agent into recommending an unsafe tool.
Audit Metadata