whisper
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads sensitive identity files, including private keys, from the
~/.openclaw/whisper/identity/directory for use in signing and key exchange operations. It subsequently performs network requests toapi.moltbook.comto exchange public keys and encrypted messages. - [COMMAND_EXECUTION]: The skill executes various system commands, including
opensslfor encryption and signatures,jqfor processing JSON metadata, andcurlfor network communication with the Moltbook service. - [EXTERNAL_DOWNLOADS]: Interaction with the external relay
api.moltbook.comis required to discover other agents and fetch encrypted messages. This domain is not part of the trusted vendor list. - [PROMPT_INJECTION]: The skill processes untrusted data from an external relay, creating an attack surface for indirect prompt injection.
- Ingestion points: Message retrieval from
api.moltbook.comas documented in the message polling logic. - Boundary markers: The protocol utilizes
WHISPER_MSG_V1andWHISPER_PUBKEY_V1header markers to identify and verify data blocks. - Capability inventory: The skill has the capability to execute shell commands (
openssl,jq,curl) and write to the local filesystem (~/.openclaw/whisper/). - Sanitization: Employs
jqfor robust JSON parsing andopensslfor cryptographic verification of signatures and HMAC integrity, which helps mitigate basic injection attempts.
Audit Metadata