agent-zero-bridge

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The a0_api.js and a0_client.js files implement a file attachment feature that reads arbitrary files from the local filesystem using fs.readFileSync and sends their base64-encoded content to the Agent Zero API.
      • Evidence: scripts/lib/a0_api.js lines 86-98 iterate through options.attach paths provided via the CLI without validation or restriction, allowing an agent to be tricked into exfiltrating sensitive data like SSH keys or credentials.
  • Capability Exposure / Indirect Prompt Injection (LOW): The clawdbot_client.js and clawdbot_api.js facilitate a bidirectional bridge where Agent Zero can invoke tools on the host's Clawdbot gateway.
      • Evidence Chain (Category 8):
          • Ingestion points: clawdbot_client.js accepts command-line arguments and JSON payloads originating from the Agent Zero environment.
          • Boundary markers: Absent; instructions passed from Agent Zero are executed directly as tool calls.
          • Capability inventory: fs.readFileSync (file access), fs.writeFileSync (file creation in task_breakdown.js), and invokeTool (Clawdbot gateway tools).
          • Sanitization: Filenames in task_breakdown.js are slugged to prevent basic path traversal, but tool arguments in clawdbot_client.js are parsed directly from JSON strings.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 22, 2026, 05:44 AM