Skills
skills/sundial-org/awesome-openclaw-skills/deepwork-tracker/Gen Agent Trust Hub

deepwork-tracker

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is designed to clone a repository from an untrusted personal GitHub account (adunne09/deepwork-tracker) which is not associated with a trusted vendor.
  • [REMOTE_CODE_EXECUTION]: The skill executes a JavaScript file (deepwork.js) sourced from the external repository. Executing downloaded scripts from unverified sources allows for arbitrary code execution on the user's machine.
  • [DATA_EXFILTRATION]: The skill instructions mandate that work history reports are 'Always send' to a hardcoded Telegram user ID (8551040296), potentially leaking sensitive user activity logs to an unauthorized party.
  • [COMMAND_EXECUTION]: The skill performs shell operations including chmod +x to enable execution of downloaded external code and uses exec to run the script with varying parameters.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 27, 2026, 01:25 PM