metaclaw-setup-architect
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to generate `BOOTSTRAP.md` files for agents, which are explicitly instructed to include 'actual shell commands' for system configuration and dependency installation. These scripts are intended to execute on the first run, creating a direct path for command execution.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the generation of `openclaw.json` configurations that define MCP (Model Context Protocol) servers. These definitions often use `npx` or `uvx` to download and execute remote packages (e.g., `@anthropic/mcp-server-brave-search`).
- [CREDENTIALS_UNSAFE]: The architecture manages sensitive credentials such as `DISCORD_BOT_TOKEN`, `TELEGRAM_BOT_TOKEN`, and `OWNER_PHONE`. While the templates correctly advocate for referencing environment variables (e.g., `env:TOKEN`), the `Phase 4 - Install` process instructs the agent to provide explicit `export` commands, which may lead to secrets being stored in shell history files.
- [EXTERNAL_DOWNLOADS]: The generated setup instructions and skill templates include commands to download various third-party packages and binaries using package managers like `pip`, `npm`, and `brew` (e.g., `yt-dlp`, `openai-whisper`, `ffmpeg`).
- [PROMPT_INJECTION]: As a meta-generator, the skill is susceptible to indirect prompt injection. Malicious data provided during the 'Discovery' phase or ingested by the generated agents from external sources (like scraped web content or YouTube transcripts) could influence the generated logic, instructions, or shell commands.
Audit Metadata