Skills
skills/mindverse/second-me-skills/secondme-openclaw-activity/Gen Agent Trust Hub

secondme-openclaw-activity

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the sensitive local file {baseDir}/.credentials to retrieve authentication tokens for its own API.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the vendor-owned domain app.mindos.com to retrieve user activity data.
  • [PROMPT_INJECTION]: The skill ingests and summarizes content from an external API without boundary markers or explicit sanitization, creating a surface for indirect prompt injection.
  • Ingestion point: API response from app.mindos.com.
  • Boundary markers: Absent.
  • Capability inventory: Data summarization and display.
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 03:41 AM