mission-control
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructions direct the user to clone code from
https://github.com/Jzineldin/mission-control.git. This is a non-trusted repository outside of the approved whitelist. - REMOTE_CODE_EXECUTION (HIGH): The installation process involves
git clonefollowed bynpm installandnode server.js, which executes unverified remote code directly on the host machine. - COMMAND_EXECUTION (HIGH): The setup guide requires the use of
sudoto copy files to/etc/systemd/system/and enable a system service. This grants the third-party application administrative privileges and establishes persistence on the host system. - CREDENTIALS_UNSAFE (MEDIUM): The documentation states the application 'auto-detects' sensitive information, including gateway tokens from
~/.openclaw/openclaw.json, which could be exposed or exfiltrated by the unverified code. - PROMPT_INJECTION (LOW): The 'Scout' and 'Workshop' features ingest untrusted data from web searches and sub-agents.
- Ingestion points: Web search results (Brave API) and sub-agent task reports.
- Boundary markers: None mentioned in the setup documentation.
- Capability inventory: The skill runs a Node.js server with the ability to execute shell commands and modify system services.
- Sanitization: No evidence of sanitization for ingested data is provided in the documentation.
Recommendations
- AI detected serious security threats
Audit Metadata