
agent-council

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The scripts scripts/rename_channel.py and scripts/setup_channel.py programmatically read the Discord bot token and Guild ID from the local configuration file located at ~/.openclaw/config.json.
  • [DATA_EXPOSURE] (HIGH): The skill performs unauthorized reading of sensitive configuration files (~/.openclaw/config.json), which contain credentials and system state.
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/create-agent.sh script executes multiple host system commands via the openclaw CLI, including gateway config.patch and cron add, to alter system behavior and persistence.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): In scripts/create-agent.sh, user-provided arguments such as --specialty and --name are written directly into SOUL.md using a here-doc. Since SOUL.md serves as the system prompt for the newly created agent, this allows for the injection of malicious instructions into the agent's core identity.
  • [DATA_EXFILTRATION] (LOW): The scripts transmit the extracted Discord token to https://discord.com/api/v10/. While this is consistent with the skill's stated purpose, the handling of raw tokens by local scripts constitutes an exfiltration risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 07:50 PM