system-watchdog
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
check.shexecutes several macOS system utilities (sysctl,vm_stat,df,ps) to gather performance and resource metrics. This is required for the skill's primary function and operates with user privileges. - [PROMPT_INJECTION]: The skill processes process names from the system which are then provided to the agent. This creates an indirect prompt injection surface where a maliciously named process could attempt to influence the agent's behavior during report generation.
- Ingestion points: The script
check.shreads theucomm(process accounting name) field from the output of thepscommand. - Boundary markers: While the data is passed in JSON format, the instructions for the agent turn in
openclaw-cron.jsondo not include explicit delimiters or safety instructions to disregard prompts embedded within the system data. - Capability inventory: The skill executes a local shell script and provides data to an agent capable of using a messaging tool.
- Sanitization: Process names are trimmed but not checked for instruction-like content. The attack surface is mitigated by the use of the
ucommfield, which is typically restricted to the executable's short filename rather than full command-line arguments.
Audit Metadata