data-analysis-skill

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/report-generate.js file is vulnerable to command injection through the reportName parameter.
  • Evidence: The saveAsPDF function in scripts/report-generate.js uses execSync to execute the wkhtmltopdf binary. It constructs the command string using reportName (passed via command-line arguments) without any sanitization or escaping. An attacker could craft a malicious report name (e.g., ; touch pwned;) to execute arbitrary commands on the host system.
  • [CREDENTIALS_UNSAFE]: The skill documentation and scripts promote the practice of passing database credentials as plaintext command-line arguments.
  • Evidence: Both README.md and scripts/data-fetch.js provide examples for connecting to databases using strings like mysql://user:pass@host/db. This exposes sensitive credentials to all users on the system via the process list and command history.
  • [DATA_EXFILTRATION]: The skill provides tools for reading arbitrary remote content and local files, which can be combined with other vulnerabilities to exfiltrate data.
  • Evidence: The scripts/data-fetch.js script allows fetching data from any user-supplied URL via the --url or --api flags. When combined with the command execution vulnerability in the reporting script, this allows an attacker to read local configuration files or environment variables and send them to an external server.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the web and APIs, which is then incorporated into reports analyzed by an AI.
  • Ingestion points: scripts/data-fetch.js (Web and API sources).
  • Boundary markers: None present in templates or script interpolation logic.
  • Capability inventory: File writing (fs.writeFileSync), external command execution (execSync in report-generate.js), and network requests (httpRequest in data-fetch.js).
  • Sanitization: While scripts/data-viz.js includes basic HTML escaping, the scripts/report-generate.js script performs simple string replacement on Markdown templates, allowing malicious instructions in the source data to persist into the final report.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 06:13 AM