Skills
skills/openclaw/skills/crawl-for-ai/Gen Agent Trust Hub

crawl-for-ai

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external websites and returns it to the agent without sanitization or boundary delimiters. This creates a surface where instructions hidden on a webpage could attempt to influence the agent's behavior.
  • Ingestion points: The crawl function in scripts/crawl4ai.js fetches content from arbitrary user-provided URLs.
  • Boundary markers: Absent. The raw markdown is printed directly to stdout.
  • Capability inventory: The script is limited to network POST requests to the user-configured CRAWL4AI_URL and file system reads of environment variables.
  • Sanitization: No sanitization or filtering is performed on the scraped content before it is returned to the agent.
  • [Data Exposure & Exfiltration] (SAFE): The script reads the CRAWL4AI_KEY environment variable and transmits it as a Bearer token. While this key would be sent to any URL configured in CRAWL4AI_URL, this is the standard and intended authentication mechanism for the self-hosted service.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 09:36 PM