
fal-api

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill accepts user-provided prompts and sends them to external generative AI models.
      ◦ Ingestion points: The prompt parameter in FalAPI.generate_image, FalAPI.generate_video, and FalAPI.generate_and_wait in fal_api.py.
      ◦ Boundary markers: Absent. The prompt is interpolated directly into the JSON payload of the API request.
      ◦ Capability inventory: Network requests (urllib.request) to the fal.ai API. The skill returns URLs, which may be processed by other agent tools.
      ◦ Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): The skill uses the subprocess module to interface with a local configuration tool.
      ◦ Evidence: subprocess.run(["clawdbot", "config", "get", f"skill.fal_api.{key}"], ...) in fal_api.py.
      ◦ Risk: While the command uses list form (mitigating shell injection) and the key name is typically hardcoded, calling an external binary introduces a dependency on the host environment's PATH and on the integrity of the clawdbot binary.
  • [DATA_EXFILTRATION] (LOW): Network operations are performed to a non-whitelisted domain.
      ◦ Evidence: self.QUEUE_URL = "https://queue.fal.run" and usage of urllib.request.urlopen in fal_api.py.
      ◦ Risk: The skill transmits user prompts and, potentially, source image/audio URLs to the fal.ai infrastructure. While expected for the skill's functionality, this constitutes data transmission to an external service provider.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 08:15 PM