qwen-code-claw

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to install and run the Qwen and ACPX tools. It explicitly instructs the agent to use the --approve-all flag, which bypasses interactive approval for tool execution, so every command the agent proposes runs without a human check and the risk of unauthorized system or file modifications rises significantly.
  • [EXTERNAL_DOWNLOADS]: The skill downloads software from the public NPM registry (@qwen-code/qwen-code, acpx) and refers to external documentation on GitHub. While some resources are vendor-affiliated, others come from third-party repositories.
  • [CREDENTIALS_UNSAFE]: The documentation provides commands that pass a sensitive API key (BAILIAN_CODING_PLAN_API_KEY) as a plaintext command-line argument. Anything in argv is readable by other local users through process listings (ps, /proc/<pid>/cmdline), and the command line is persisted in the shell history file.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from external codebases and pull requests. This creates an attack surface for indirect prompt injection, where malicious instructions embedded in a repository could hijack the agent's logic.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to dynamically download and execute code from the acpx package and includes a command to install additional remote skills, which can execute arbitrary instructions at runtime.
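The credential handling flagged under CREDENTIALS_UNSAFE has a straightforward hardened form, shown here as an added example that is not part of the audit or of the qwen-code-claw skill: keep the key in an owner-only file, refuse to proceed if the file is more permissive than that, and hand the value to the child process through its environment rather than its argument list. The variable name BAILIAN_CODING_PLAN_API_KEY is taken from the finding; the key-file path, the permission check, the schematic unsafe invocation in the comments and the placeholder child command are assumptions, since the page does not show the actual qwen/acpx command line.

```bash
#!/usr/bin/env bash
# Added example, not from the audit or the qwen-code-claw skill.
#
# Unsafe pattern flagged by the audit (schematic; the real CLI flag is not on the page):
#   some-tool --api-key "sk-..." ...
# The literal key lands in argv, so any local user can read it from `ps` or
# /proc/<pid>/cmdline, and the line is written to the shell history file.
#
# Safer pattern: keep the key in a 0600 file and pass it to the child process
# only through its environment. The file path and child command are assumptions.
set -eu

# Return 0 only if the secret file is readable by its owner alone (0600 or 0400).
check_secret_perms() {
  f="$1"
  # GNU stat first, BSD/macOS stat as the fallback; empty mode if neither works
  # (for example when the file does not exist).
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null || echo '')
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Run "$@" with BAILIAN_CODING_PLAN_API_KEY set in its environment only; the key
# never appears in the command line of this shell or of the child.
run_with_key() {
  keyfile="$1"; shift
  if ! check_secret_perms "$keyfile"; then
    echo "refusing to use $keyfile: permissions must be 0600 or 0400" >&2
    return 1
  fi
  # Command substitution strips the trailing newline most key files carry.
  BAILIAN_CODING_PLAN_API_KEY="$(cat "$keyfile")" "$@"
}

# Assumed invocation; the agent would substitute the real qwen/acpx command:
#   run_with_key "$HOME/.config/qwen/api_key" qwen ...
```

The environment is not a secret store either: the same user and root can still read /proc/<pid>/environ, so this closes the cross-user process-list and shell-history exposure the audit describes, not the local-user one. A secret manager or an OS keychain is the next step when that matters.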
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 26, 2026, 09:50 PM