cto-advisor
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The `SKILL.md` file explicitly instructs the agent to run local Python scripts: `python scripts/tech_debt_analyzer.py` and `python scripts/team_scaling_calculator.py`. These scripts are listed in the metadata but the code for them was not included in the analysis bundle. Executing unverified scripts from an untrusted source is a medium risk.
- [EXTERNAL_DOWNLOADS] (LOW): The `_meta.json` file points to a GitHub repository (`openclaw/skills`) that does not belong to a trusted organization. While no automated download commands were detected, the provenance of the skill is untrusted.
- [NO_CODE] (SAFE): No executable source code was provided in the 4 files analyzed (only Markdown and JSON). The primary risk is the behavioral instruction to execute external/missing scripts.
- [DATA_EXPOSURE & EXFILTRATION] (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations were detected in the provided documentation.
Audit Metadata