codemod-gen
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill depends on the 'ai-codemod' package from the npm registry, fetched and executed on demand via 'npx'. The command as written pins no version, so each run downloads and executes whatever the unverified third-party publisher ('LXGIC Studios') currently ships under that name.
- [COMMAND_EXECUTION]: The skill's primary function is to execute commands on the host system, invoking 'npx' to perform code transformations that modify local source files.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection (Category 8). It takes a plain-text description of a code change and passes it, unmodified, straight to a CLI tool.
  - Ingestion points: the description argument in the command 'npx ai-codemod "{description}"'.
  - Boundary markers: none present to distinguish instructions from data.
  - Capability inventory: execution of external code via 'npx' and modification of local source files.
  - Sanitization: no evidence of sanitization or validation of the input description was found.
Audit Metadata