The Agent Skills Directory

[COMMAND_EXECUTION]: The skill facilitates the execution of various shell commands through the iphoneclaw CLI tool. Key operations include running scripts (python -m iphoneclaw script run), recording user behavior (python -m iphoneclaw script record-user), and managing remote execution (python -m iphoneclaw ctl run-script). These commands allow the agent to perform complex automation tasks directly on the host system.
[REMOTE_CODE_EXECUTION]: The skill supports the execution of arbitrary script files via the run_script(path=...) parameter, which bypasses the safer name-based registry lookup. Furthermore, the ctl run-script command utilizes a Supervisor API endpoint (POST /v1/agent/script/run) to trigger script execution on a worker node. If an attacker can write a file to the filesystem or influence the supervisor configuration, they could achieve remote code execution.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data ingestion patterns. 1. Ingestion points: The agent reads and processes action scripts from action_scripts/ and execution logs from runs/*/events.jsonl to record or register new scripts. 2. Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore embedded commands within these processed files. 3. Capability inventory: The skill provides access to the iphoneclaw CLI and the ability to execute arbitrary script paths on the system. 4. Sanitization: No sanitization or validation mechanisms are described for the content of the scripts or the variables passed to them.

iphoneclaw-action-scripts