openclaw-media-gen

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill documentation describes executing a local script scripts/media_gen_client.py using python3. Because the content of this script is not included in the analyzed files, its internal behavior (e.g., subprocess spawning, arbitrary command execution, or sanitization logic) remains unverified.
  • [NO_CODE] (HIGH): Critical operational logic is abstracted into external scripts that were not provided for analysis. This lack of transparency is a significant security risk for AI agents executing these commands.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill interacts with the non-whitelisted domain api.aisa.one and explicitly supports downloading content from arbitrary external URLs (e.g., Wikipedia images). This behavior could be exploited to download malicious payloads if the URLs are manipulated via indirect prompt injection.
  • [DATA_EXFILTRATION] (MEDIUM): The skill requires a sensitive environment variable AISA_API_KEY. Without access to the client script's source code, it is impossible to verify that this credential is not being exfiltrated to unauthorized endpoints during the image/video generation process.
  • [PROMPT_INJECTION] (MEDIUM): The skill ingests untrusted user prompts and external URLs to generate media. If the underlying API or the unverified client script does not properly sanitize these inputs, it could lead to tool output poisoning or downstream influence on the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 06:01 PM