skill-voter

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses a sensitive file at /workspace/.github_token to retrieve a GitHub personal access token. This token is used to authenticate requests to the GitHub API for voting and skill registration tasks.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a leaderboard.json file from the openclaw-commons/openclaw-skill-commons repository on GitHub. This data is used to display trending and top-rated skills.
  • [COMMAND_EXECUTION]: The skill uses curl to download data from GitHub and pipes it into a Python subprocess for processing. The Python code executed is provided statically within the skill file.
  • [DATA_EXFILTRATION]: Hashed system metadata (hostname and workspace path) and user vote data are transmitted to the GitHub API (api.github.com). This data is sent to the author's repository to maintain the community leaderboard.
  • [SAFE]: All external communications are directed to well-known GitHub domains and the vendor's own infrastructure. The use of credentials and network access is necessary for the skill's core functionality of a community-powered reputation system.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 02:20 AM