Skills
skills/openclaw/skills/Hooks Automation/Gen Agent Trust Hub

Hooks Automation

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill presents a HIGH risk due to its reliance on an unverified external dependency, the potential for command injection through unsanitized parameters, and the establishment of persistence mechanisms via Git hooks. The skill's core functionality involves executing commands and scripts, which, if compromised or misused, could lead to arbitrary code execution and unauthorized actions.

Total Findings: 5

🔴 HIGH Findings: • Command Execution / Injection

  • configuration.md: The command fields in the JSON configuration (e.g., "command": "npx claude-flow hook pre-edit --file '${tool.params.file_path}'") directly interpolate ${tool.params.file_path} and ${tool.params.command} into shell commands. If these parameters are not rigorously sanitized by the claude-flow CLI, an attacker could inject malicious commands (e.g., '; rm -rf /; #') leading to arbitrary code execution. This is a critical command injection vulnerability. • Persistence Mechanism
  • examples.md: The skill provides instructions to add scripts to .git/hooks/pre-commit, .git/hooks/post-commit, and .git/hooks/pre-push. These Git hooks establish persistence within a repository, allowing arbitrary commands to be executed automatically on Git events (commit, push), which can be exploited for malicious purposes. • Arbitrary Code Execution (Custom Hooks)
  • examples.md: The 'Custom Hook Creation' section demonstrates how to register and execute custom JavaScript files (e.g., .claude/hooks/custom-quality-check.js). The execute function in these custom hooks receives context (including file and content), which, if not carefully controlled and validated, could allow for arbitrary code execution within the skill's environment.

🟡 MEDIUM Findings: • Unverifiable Dependency

  • SKILL.md: The skill requires the installation of claude-flow CLI via npm install -g claude-flow@alpha. This is an external dependency that is not part of the trusted GitHub repositories or organizations, making its contents and behavior unverifiable at analysis time. This introduces a supply chain risk. • Conditional Attack Trigger
  • examples.md: The pre-push hook example includes conditional logic (if (( $(echo "$TRUTH_SCORE < 0.95" | bc -l) ))) that gates behavior based on a calculated score. While not directly malicious, such conditional triggers can be used to delay or hide malicious actions until specific conditions are met.

🔵 LOW Findings: • No Low Findings

ℹ️ TRUSTED SOURCE References: • GitHub Commit Reference

  • _meta.json: The latest.commit field references a GitHub commit URL (https://github.com/clawdbot/skills/commit/e582b618a45263a11a7550d798b9e76cb0440152). GitHub is a trusted external source. This reference itself is informational and does not pose a direct security risk.

================================================================================

Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 13, 2026, 09:44 AM