Skills
skills/openclaw/skills/niri-ipc/Gen Agent Trust Hub

niri-ipc

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the niri command-line tool to interact with the compositor.
  • Evidence: scripts/niri.py and scripts/niri_ctl.py use subprocess.run() and subprocess.Popen() with list-formatted arguments (e.g., ['niri', 'msg', '--json', ... ]), which effectively prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill provides access to desktop metadata that could be exploited for indirect prompt injection.
  • Ingestion points: scripts/niri_ctl.py and scripts/niri.py fetch window titles and application IDs directly from the compositor environment.
  • Boundary markers: Absent. There are no explicit markers or 'ignore' instructions wrapped around the window metadata when it is retrieved.
  • Capability inventory: The skill allows for significant session control, including the ability to close windows, switch workspaces, and execute new processes via the niri msg action spawn command.
  • Sanitization: Absent. Window titles, which may contain arbitrary text from web browsers or other applications, are passed to the agent without sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 07:20 AM