wecom-preflight

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the openclaw CLI. It retrieves configuration values using 'openclaw config get' and modifies the tool allow-list using 'openclaw config set'.
  • [COMMAND_EXECUTION]: The skill modifies the security policy of the agent's environment by adding wecom_mcp to the 'tools.alsoAllow' list. This allows the execution of the enterprise WeChat tool, which is the primary purpose of this preflight skill.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing command-line output.
      1. Ingestion points: Output from 'openclaw config get' in SKILL.md.
      2. Boundary markers: Absent; no delimiters are used when the agent reads the command output.
      3. Capability inventory: Modification of security configurations and instructions for gateway restarts.
      4. Sanitization: Absent; the skill does not explicitly validate the output of the configuration check before proceeding with updates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 04:17 AM