
confidant

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill uses npx to download and run the @aiconnect/confidant package from the npm registry at invocation time. Neither the package nor its organization is listed in the Trusted External Sources, so the skill's behaviour depends on an unreviewed third party, a supply-chain risk.
  • [REMOTE_CODE_EXECUTION] (HIGH): Executing a remote npm package through npx means whatever the registry serves runs with the agent's privileges. Because the package spec is not pinned to an exact version, npx resolves it to the latest published release on each run, so a compromised or malicious future release of the package (or of one of its dependencies) would execute without any change to the skill itself.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill's primary purpose is to handle high-value secrets such as API keys, passwords, and tokens. Routing these through an unverified third-party tool creates a significant risk of credential exposure or theft.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell command execution (npx ...). If parameters such as the URL or label are taken from untrusted user data and interpolated into the command string, shell metacharacters in them become additional commands (command injection). Passing arguments as an argv array without a shell, and validating them first, removes this vector.
  • [DATA_EXFILTRATION] (MEDIUM): While the tool claims to be secure, its ability to send data to arbitrary URLs provided in the fill command is itself an exfiltration vector: an agent tricked (for example by prompt injection) into supplying an attacker-controlled endpoint would hand over the secret. Restricting fill destinations to an allow-list of expected hosts is the practical check.
Recommendations
  • AI detected serious security threats
  • Do not enable the skill as shipped. Before reconsidering: pin @aiconnect/confidant to an exact, reviewed version (or vendor it) rather than letting npx resolve the latest release; invoke it without a shell, passing validated arguments as an argv array; and restrict the destinations accepted by the fill command to an allow-list of expected hosts.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 08:49 PM