caddy
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires administrative privileges via
sudoto perform high-risk operations such as managing system services withlaunchctland granting binary capabilities withsetcapon Linux.\n- [EXTERNAL_DOWNLOADS]: Users are instructed to build a custom binary usingxcaddy, which downloads thecaddy-dns/vercelplugin from a remote GitHub repository during the build process.\n- [CREDENTIALS_UNSAFE]: The documentation suggests storing sensitive Vercel API tokens (vcp_*) in environment files or LaunchDaemon plist files, which remain in plaintext on the local filesystem.\n- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by modifying local configuration files based on untrusted user inputs.\n - Ingestion points:
~/.config/caddy/Caddyfileand~/.openclaw/openclaw.json(described inSKILL.mdandOPENCLAW.md).\n - Boundary markers: None present; configuration blocks are manually edited or appended.\n
- Capability inventory: The skill uses
caddy reload,launchctl, andsystemctlto apply these configuration changes to the system.\n - Sanitization: No evidence of input validation or escaping for variables like
YOUR_DOMAINorAPPNAMEbefore writing to config files.
Recommendations
- AI detected serious security threats
Audit Metadata