Skills
skills/seqis/openclaw-skills-converted-from-claude-code/agent-ux-optimizer/Gen Agent Trust Hub

agent-ux-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Dynamically downloads and executes the Google Lighthouse package from the npm registry using npx. As Lighthouse is a well-known service from a trusted vendor (Google), this behavior is considered safe but is documented as an external dependency.
  • [COMMAND_EXECUTION]: The skill instructions include shell commands for running audits (npx lighthouse <url>) and viewing reports. While necessary for the skill's function, this relies on the underlying agent to safely handle the URL parameter and execution environment.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it ingests untrusted data from the filesystem and the web while maintaining high-privilege capabilities.
  • Ingestion points: Reads local code via Read and Glob tools; fetches remote content via WebFetch and WebSearch tools.
  • Boundary markers: None present. There are no instructions to the agent to disregard or isolate embedded commands in the data it analyzes.
  • Capability inventory: High-risk tools are available, including Bash for command execution and Write/Edit for file system modification.
  • Sanitization: No explicit sanitization or validation of the input data is specified before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:13 AM