parallels-discord-roundtrip
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell commands involving
ssh,pnpm, andprlctl. It instructs the agent to usesshto execute commands on a specific remote host (peters-mac-studio-1) and utilizesprlctl execto run shell commands inside guest VM environments with elevated permissions. - [CREDENTIALS_UNSAFE]: The skill includes logic to retrieve and use authentication tokens. It provides a shell command that extracts a Discord token from a configuration file located at
~/.openclaw/openclaw.jsonon a remote machine and references anOPENAI_API_KEYas an environment input. - [DATA_EXFILTRATION]: The skill retrieves authentication tokens from a hidden configuration file on a remote server. The instruction to
sshinto a host and runjqto read a token from~/.openclaw/openclaw.jsondescribes a mechanism for accessing secrets on a remote file system. - [EXTERNAL_DOWNLOADS]: The skill uses
pnpm, which typically involves downloading external Node.js packages during the execution of test suites. - [SAFE]: The skill presents an indirect prompt injection surface as it reads data from Discord channel history. 1. Ingestion points: Reads Discord channel history using the
openclaw message readcommand. 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands in the channel data. 3. Capability inventory: The skill utilizes subprocess calls for VM control (prlctl), remote shell access (ssh), and package management (pnpm). 4. Sanitization: No sanitization or validation logic for the external Discord content is specified in the skill file.
Audit Metadata