clawdbot-config
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The README.md recommends installation using
npx skills add tumf/clawdbot-config. The accounttumfis not on the trusted sources list, posing a risk of executing untrusted code during the installation process. - DATA_EXFILTRATION (MEDIUM): The
config-schema.mddefines a configuration for the iMessage channel that targets~/Library/Messages/chat.db. This path contains highly sensitive user message history. Accessing this file exposes private data to the agent. - COMMAND_EXECUTION (MEDIUM): The schema includes configuration for a
tools.execsetting and a DockersetupCommand. These settings enable the execution of arbitrary system commands, which presents a significant risk if the agent is manipulated by untrusted input. - PROMPT_INJECTION (LOW): The skill defines configurations for messaging channels (WhatsApp, Telegram, Discord) that serve as ingestion points for untrusted external data. This architecture is vulnerable to indirect prompt injection. Mandatory Evidence Chain: 1. Ingestion points: messaging channel configurations in
references/config-schema.md. 2. Boundary markers: No delimiters or ignore instructions are specified in the schema. 3. Capability inventory:exectool,browsertool, and DockersetupCommanddefined inreferences/config-schema.md. 4. Sanitization: No sanitization or validation logic is present in the provided schema.
Audit Metadata