openclaw-customizer

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill instructions in SKILL.md direct the agent to fetch live data from https://docs.openclaw.ai/llms.txt for any information not found in the local reference files. This creates a surface where compromised external documentation could influence the agent's behavior.
      • Ingestion points: SKILL.md (external fetch from docs.openclaw.ai).
      • Boundary markers: Absent; there are no instructions to sanitize or delimit the content fetched from the web.
      • Capability inventory: The skill documents access to powerful tools including exec, write, and the openclaw CLI.
      • Sanitization: Absent.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The documentation in references/tools-skills-hooks.md promotes the use of clawhub, a command-line utility for installing community-created skills. This pattern encourages the execution of unverified remote code on the user's infrastructure.
  • [Command Execution] (LOW): Multiple reference files provide specific shell command patterns for the openclaw CLI, including cron job creation and system configuration. While these are legitimate features of the software, they represent a significant capability surface that could be abused if the agent is subjected to prompt injection.
Audit Metadata

Risk Level: SAFE
Analyzed: Feb 19, 2026, 06:42 AM