clawdtm-review

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The skill performs network operations using curl to the external domain clawdtm.com. While this is the primary purpose of the skill, the domain is not on the established trusted list.
      • Evidence: Multiple curl commands targeting https://clawdtm.com/api/v1/.
  • Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection as it retrieves and processes review_text from an external API, which could contain instructions intended to influence the agent's behavior.
      • Ingestion points: API responses from https://clawdtm.com/api/v1/skills/reviews in SKILL.md.
      • Boundary markers: Absent; no instructions are provided to the agent to treat external review content as untrusted data.
      • Capability inventory: The agent can perform network requests (curl) and modify its own data on the remote platform.
      • Sanitization: Absent; the skill does not specify any validation or filtering of the retrieved review text.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 01:35 PM