skill-search

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/skillhub.sh fetches skill content from the vendor registry at https://skills.droyd.ai/api/skill-content/ and uses an embedded Python script to extract multiple files to /tmp/openclaw-skills/ for agent execution.
  • [COMMAND_EXECUTION]: The SKILL.md instructions guide the agent to 'follow the loaded skill's instructions' and run bundled scripts from the extracted directory, facilitating the runtime execution of third-party logic.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata and instructions from a remote API which can influence agent behavior.
      • Ingestion points: Remote data enters via API endpoints GET /api/search and GET /api/skill-content/.
      • Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded commands in the fetched data before presenting it to the agent.
      • Capability inventory: The agent is encouraged to perform file system operations and script execution based on the loaded content.
      • Sanitization: No sanitization or validation of the downloaded instructions or script content is performed before use.
  • [EXTERNAL_DOWNLOADS]: The skill downloads data and executable content from the vendor-managed domain https://skills.droyd.ai. While this is an official source for the 'openclaw' vendor, the behavior enables the loading of unvetted third-party content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 08:46 AM