
ripgrep

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW · NO_CODE · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis

================================================================================

✅ VERDICT: SAFE

This skill is a documentation-focused wrapper for the ripgrep command-line tool. It provides examples of how to use rg for text searching. The skill itself does not contain any executable scripts or code that could pose a direct security threat. The installation instructions refer to trusted package managers (brew, apt) for a well-known, legitimate tool (ripgrep). While any skill that processes user-supplied text carries an inherent risk of indirect prompt injection if the AI agent processes the output without sanitization, this is a general risk and not a specific vulnerability in the skill's design.

Total Findings: 2

🔵 LOW Findings:

• Unverifiable Dependencies

  • Line 6 (SKILL.md): The skill suggests installing ripgrep via brew or apt. These are trusted package managers, and ripgrep is a well-known, open-source tool. The homepage links to https://github.com/BurntSushi/ripgrep, which is a trusted GitHub source. This is noted as an external dependency but does not elevate the overall risk.

ℹ️ TRUSTED SOURCE References:

• https://github.com/BurntSushi/ripgrep

  • Line 4 (SKILL.md): The skill's homepage points to the official GitHub repository for ripgrep, which is a trusted external source.

================================================================================

Audit Metadata

Risk Level: LOW
Analyzed: Feb 13, 2026, 09:44 AM