
agentskills-io

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructions and scripts point to a non-whitelisted GitHub repository (agentskills/agentskills) for essential tools.
      • Evidence: SKILL.md and references/validation.md recommend installation from git+https://github.com/agentskills/agentskills.
  • REMOTE_CODE_EXECUTION (HIGH): The skill utilizes uvx to download and execute code from a remote, untrusted repository at runtime.
      • Evidence: scripts/validate-skills-repo.sh executes uvx --from git+https://github.com/agentskills/agentskills#subdirectory=skills-ref skills-ref validate "$skill_dir".
  • COMMAND_EXECUTION (LOW): The skill includes shell scripts that automate repository management using tools like git and jq.
      • Evidence: scripts/bump-changed-plugins.sh performs git diffs and uses jq to modify JSON files.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill's primary function is to process and validate other skill files (untrusted data). This creates an attack surface if an agent relies on the output of the validation process without sanitization.
      • Ingestion points: SKILL.md files processed by scripts/validate-skills-repo.sh.
      • Boundary markers: None identified in the wrapper scripts.
      • Capability inventory: Shell command execution and remote script fetching.
      • Sanitization: No sanitization logic detected in the provided bash scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 21, 2026, 01:33 AM