x-research
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The function `getComposioKey` in `lib/api.ts` attempts to read a sensitive file at the hardcoded absolute path `/root/.openclaw/.env`. This is a significant security risk as it bypasses standard environment variable management and could expose unrelated secrets stored in the same file to the skill logic.
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to `https://backend.composio.dev/api`. While this is the intended backend for the skill, it is an external, non-whitelisted domain that receives the user's API key.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from X/Twitter and incorporates it into agent responses. There is a risk that malicious instructions embedded in tweets could influence the agent's behavior.
  - Ingestion points: Data enters via the `search`, `thread`, and `profile` functions in `lib/api.ts`, which fetch external content from X.
  - Boundary markers: None identified. The content is formatted into strings in `lib/format.ts` without markers to distinguish untrusted data from instructions.
  - Capability inventory: The skill has the capability to perform network requests (`composioExec`) and write to the local file system (`lib/cache.ts`).
  - Sanitization: Very minimal sanitization is present in `lib/format.ts` (regex removal of t.co links), which does not protect against prompt injection patterns.
Recommendations
- AI detected serious security threats