knowledge-management

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [DYNAMIC_EXECUTION]: The generateIndex function in index-local.js uses the unsafe eval() function to parse the tags array from markdown frontmatter. Because this data is extracted from source memory files (MEMORY.md and daily logs) that are parsed as text, an attacker can inject arbitrary JavaScript by including a specially crafted tags array in those files.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from local memory files which serves as an entry point for potential code execution.
      • Ingestion points: MEMORY.md and daily files in the memory/ directory are parsed by the MemoryParser class.
      • Boundary markers: No explicit delimiters or boundary markers are used to separate user-provided content from control metadata during parsing.
      • Capability inventory: The skill possesses extensive file system capabilities (read, write, and delete via fs.unlinkSync in the cleanup tool) and the ability to execute dynamic code via eval().
      • Sanitization: While basic character replacement is used for filenames (sanitizeFilename), no validation or sanitization is performed on metadata fields parsed from file content before they are passed to eval().
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 7, 2026, 09:54 AM