komodo

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The create-stack command in scripts/komodo.py reads the contents of local files specified by the compose_file and env_file arguments and transmits them via a POST request to the remote server configured in KOMODO_ADDRESS. This functionality allows for the exposure and exfiltration of any local file the agent has permission to read (such as SSH keys, cloud credentials, or environment files) if an attacker influences the file paths provided to the agent.
  • [PROMPT_INJECTION]: The skill displays unsanitized container logs, which creates a surface for indirect prompt injection. Malicious instructions embedded in application logs could be interpreted as commands by the AI agent.
    • Ingestion points: Network data retrieved from the GetLog and GetStackServiceLog API endpoints in scripts/komodo.py.
    • Boundary markers: None. Log content is printed directly to the agent's context without delimiters or safety warnings.
    • Capability inventory: The skill can read local files (cmd_create_stack) and perform authenticated network writes to the Komodo API.
    • Sanitization: None. Log content is not filtered or sanitized before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 03:09 PM