Skills
skills/wghust/stark-skills/openclaw-help/Gen Agent Trust Hub

openclaw-help

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The bundled documentation (reference.md) provides a piped shell execution command (curl -fsSL https://openclaw.ai/install.sh | bash) for software installation. While typical for developer tools, this pattern is high-risk as the source is not a pre-verified trusted vendor.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from docs.openclaw.ai and utilizes a web search fallback.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external web content.
  • Ingestion points: WebFetch from docs.openclaw.ai and results from WebSearch.
  • Boundary markers: No specific delimiters or safety instructions are used to isolate external content from the prompt context.
  • Capability inventory: File reading (grep), network fetching (WebFetch), and web searching (WebSearch).
  • Sanitization: No input validation or content filtering is implemented for the data retrieved from external sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:28 AM