claw-helper
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to autonomously execute openclaw CLI commands for diagnostics and configuration management. This is the primary purpose of the skill. Evidence: SKILL.md ("When diagnosing problems, run the relevant openclaw commands yourself to collect information", "Always use openclaw config set ").
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it relies on external documentation and experience files to guide its actions. If an attacker modifies these local files, the agent could be induced to run malicious CLI commands.
  - Ingestion points: Documentation files located at {{docsPath}} and the experience.md file.
  - Boundary markers: Absent. The instructions do not specify delimiters or safety warnings for processing external content.
  - Capability inventory: Execution of openclaw CLI commands and writing updates to local documentation indexes and experience logs.
  - Sanitization: Absent. No validation or filtering is applied to the content retrieved from external files before it is used to determine agent actions.
Audit Metadata