Skills
skills/openclaw/skills/skill-vetter/Gen Agent Trust Hub

skill-vetter

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Includes command templates for curl and jq to fetch repository information and file contents. These commands are intended for the agent to perform auditing and inspection of other skills.
  • [EXTERNAL_DOWNLOADS]: References GitHub's API and raw content domains (api.github.com, raw.githubusercontent.com) to retrieve metadata and source code for review. These are well-known services for hosting and auditing code.
  • [PROMPT_INJECTION]: Identifying a surface for indirect prompt injection as the skill is designed to ingest and process untrusted external instructions from third-party repositories. Ingestion points: Remote skill files (e.g., SKILL.md) fetched via network requests. Boundary markers: Absent. Capability inventory: Command execution via curl and jq. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 06:47 AM