Skills
skills/vinta/dear-ai/deploy-openclaw-bot-for-me/Gen Agent Trust Hub

deploy-openclaw-bot-for-me

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill body consists of a single instruction to fetch content from https://vinta.github.io/dear-ai/deploy-openclaw-bot-for-me.md. This source is not within the defined trusted organizations or repositories.
  • [REMOTE_CODE_EXECUTION] (HIGH): By instructing the agent to 'follow' the fetched content, the skill effectively implements remote instruction execution. An attacker controlling the remote markdown file could lead the agent to perform unauthorized actions.
  • [COMMAND_EXECUTION] (MEDIUM): The skill allows access to powerful system tools including Bash(ssh:*), Bash(ssh-keygen:*), and Bash(chmod:*). While these are necessary for the stated purpose of deploying a bot, their use is governed by untrusted remote instructions, increasing the risk of abuse.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:34 PM