Skills
skills/sundial-org/awesome-openclaw-skills/auth-checker/Gen Agent Trust Hub

auth-checker

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill suggests running npx ai-auth-check, which retrieves a package from the npm registry authored by an unverified source ('LXGIC Studios').
  • [REMOTE_CODE_EXECUTION]: Usage of npx performs a download and immediate execution of third-party code, which is a high-risk pattern when the source is not a trusted vendor.
  • [PROMPT_INJECTION]: The skill is designed to analyze untrusted source code, establishing an indirect prompt injection surface.
  • Ingestion points: Accesses files within ./src/auth/ and ./src/lib/auth.ts (SKILL.md).
  • Boundary markers: No delimiters or instructions to ignore embedded prompts are present to differentiate audited code from agent instructions.
  • Capability inventory: The skill demonstrates command execution capabilities via the usage of the npx utility.
  • Sanitization: No sanitization or safety checks are performed on the ingested code content before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 03:33 AM