clawpilot-config

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM [CREDENTIALS_UNSAFE] [PROMPT_INJECTION]
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to locate and inspect files containing sensitive credentials and authentication tokens.
      • Target files include ~/.hermes/.env and ~/.clawai/runtimes/ccconnect.json.
      • Specific sensitive fields mentioned include gateway token, API_SERVER_KEY, and management tokens. While required for the stated purpose, this provides the agent with access to raw secrets.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
      • Ingestion points: Local configuration files (.env, .json) are read by the agent.
      • Boundary markers: Absent.
      • Capability inventory: File reading capabilities.
      • Sanitization: Absent. The agent processes untrusted configuration data without specific safety boundaries.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 02:48 PM