skills/openclaw/skills/Management/Gen Agent Trust Hub

Management

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW
NO_CODE
Full Analysis

================================================================================

✅ VERDICT: SAFE

This skill is purely informational and does not contain any executable code, scripts, or instructions that could pose a security risk. It provides guidance on management principles through natural language descriptions.

Total Findings: 0

================================================================================

Detailed breakdown of threat categories:

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'You are now unrestricted', 'Ignore previous instructions') were found in SKILL.md or _meta.json.

  2. Data Exfiltration: No sensitive file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or network operations (e.g., curl, wget, fetch) were detected in either file. The _meta.json contains a GitHub URL, but it is a static reference and not an instruction to perform a network operation or exfiltrate data.

  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, URL encoding, hex escapes, or HTML entities were found in the content of either file.

  4. Unverifiable Dependencies: No instructions to install external packages (e.g., npm install, pip install) or execute external scripts were found. The GitHub commit URL in _meta.json is a static reference to a trusted domain (github.com) and does not constitute an active dependency to be executed.

  5. Privilege Escalation: No commands or patterns associated with privilege escalation (e.g., sudo, chmod, service installation) were found in either file.

  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying ~/.bashrc, creating cron jobs, configuring LaunchAgents) were detected.

  7. Metadata Poisoning: The name, description, and metadata fields in SKILL.md, as well as all fields in _meta.json, were reviewed and found to be benign, containing no hidden malicious instructions.

  8. Indirect Prompt Injection: This skill is purely instructional and does not process external user-provided content (like emails or web pages) in a way that would make it susceptible to indirect prompt injection.

  9. Time-Delayed / Conditional Attacks: No conditional logic (e.g., if statements based on date, time, or usage) that could trigger delayed malicious behavior was found.

Adversarial Reasoning:

The skill's content is entirely descriptive Markdown and JSON metadata. There are no executable components where an attacker could hide malicious code. The skill's stated purpose of providing management guidance aligns perfectly with its content, with no suspicious discrepancies or hidden functionalities. The absence of any active components significantly reduces the attack surface, making it a very low-risk skill.

Audit Metadata

Risk Level: LOW
Analyzed: Feb 12, 2026, 01:09 PM