use-native-credential-proxy
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches implementation code from the official vendor repository at github.com/qwibitai/nanoclaw.git to replace the gateway with a built-in proxy implementation.
- [COMMAND_EXECUTION]: Executes shell commands to install dependencies (pnpm install), build the project, and run unit tests using pnpm and vitest.
- [COMMAND_EXECUTION]: Performs system-level service management using launchctl (macOS) and systemctl (Linux) to restart the application after configuration changes.
- [PROMPT_INJECTION]: Ingests user-provided credentials and automatically writes them to the .env file via shell redirection, which creates a surface for indirect injection.
- Ingestion points: User response text containing API keys or tokens in Phase 3 (Setup Credentials).
- Boundary markers: Absent; the skill does not use delimiters or ignore-embedded-instructions warnings for the user input.
- Capability inventory: File system writing (redirection to .env) and shell execution (echo, pnpm, systemctl, launchctl) across the SKILL.md instructions.
- Sanitization: Absent; the skill does not specify validation or escaping for the user-provided tokens before they are interpolated into the shell command string.
Audit Metadata