skills/qwibitai/nanoclaw/setup/Gen Agent Trust Hub

setup

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes administrative commands using sudo to install system packages via apt-get, manage system services with systemctl, and modify system configuration files such as /etc/wsl.conf.
  • [COMMAND_EXECUTION]: Modifies Access Control Lists (ACLs) on the Docker socket (/var/run/docker.sock) and creates systemd configuration overrides to grant the agent persistent access to the container runtime.
  • [COMMAND_EXECUTION]: Establishes background persistence by creating and loading service definitions for launchd (macOS) and systemd (Linux).
  • [REMOTE_CODE_EXECUTION]: Downloads and executes installation scripts from well-known technology providers by piping remote content to a shell: https://get.docker.com | sh and https://deb.nodesource.com/setup_22.x | sudo -E bash -.
  • [CREDENTIALS_UNSAFE]: Accesses local .env files to read and verify sensitive authentication secrets, including CLAUDE_CODE_OAUTH_TOKEN and ANTHROPIC_API_KEY.
  • [PROMPT_INJECTION]: Vulnerable to indirect shell command injection if a user provides a malicious GitHub username which is interpolated directly into git remote add commands.
      • Ingestion points: User input via AskUserQuestion (GitHub username).
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution via git.
      • Sanitization: Absent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.docker.com - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 02:35 PM