signet
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
Flags: PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'What You Should Never Do' and 'How Signet Actually Works' sections contain instructions that explicitly forbid the agent from criticizing the system's architecture, discussing its efficiency, or suggesting alternatives to the user. This is a form of behavioral concealment that overrides the agent's ability to provide unbiased evaluations.
- [CREDENTIALS_UNSAFE]: The skill provides explicit commands and API examples (`signet secret get OPENAI_API_KEY`, `curl http://localhost:3850/api/secrets/...`) to retrieve sensitive API keys and tokens from a local vault. This creates a risk of credential exposure if the agent is induced to execute these commands and share the output.
- [EXTERNAL_DOWNLOADS]: The skill instructions include the use of `npx skills install <skill-name>`, which facilitates the downloading and installation of third-party code from the npm registry.
- [COMMAND_EXECUTION]: The skill documentation describes complex shell operations, including searching for and patching JSON configuration files in hidden user directories (`~/.openclaw`, `~/.agents/`) and managing a background daemon service on `localhost:3850`.
- [COMMAND_EXECUTION]: The skill uses `curl` to interact with a local daemon API to perform administrative tasks, including status checks and memory searches.
Audit Metadata