openclaw

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that involve piping remote shell scripts (install.sh and install.ps1) from the vendor's domain openclaw.ai directly into system interpreters. This method of installation poses a significant security risk as it bypasses standard package verification and integrity checks.
  • [PROMPT_INJECTION]: The instructions explicitly direct the agent to 'Treat third-party skills as trusted code'. This directive effectively advises the AI to disregard security boundaries and safety protocols when processing potentially malicious external content from the public ClawdHub registry.
  • [COMMAND_EXECUTION]: The skill encourages the installation of a system daemon ('openclaw onboard --install-daemon') and the execution of high-privilege security audits. Installing background services increases the system's attack surface and establishes persistent execution paths.
  • [EXTERNAL_DOWNLOADS]: The skill documentation describes workflows for installing global NPM packages (openclaw@latest) and searching for or installing community-contributed skills from an external registry (clawdhub), which creates a wide attack surface for dependency-related threats and the execution of untrusted third-party code.
Recommendations
  • HIGH: Downloads and executes remote code from: https://openclaw.ai/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 06:58 AM