distributed-tracing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to execute kubectl create -f on a remote YAML file hosted at https://github.com/jaegertracing/jaeger-operator/releases/download/v1.51.0/jaeger-operator.yaml.
  • Evidence: Found in SKILL.md under the 'Kubernetes Deployment' section.
  • Context: While the source is the official Jaeger project, the organization is not on the 'Trusted GitHub Organizations' list provided in the security policy, making it an unverifiable remote source for configuration execution.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Executing remote YAML files via kubectl is equivalent to piping remote scripts to a shell, as it can define privileged containers, cluster roles, and other sensitive resources.
  • [INFO] (SAFE): The automated scan alert regarding logger.info is a false positive. The scanner misidentified a standard programming method call (logger.info("...")) as a malicious URL.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 10:34 AM