sunny-boyfriend
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the openclaw npm package globally on the system via npm install.
- [COMMAND_EXECUTION]: The skill requests broad permissions to execute Bash commands, specifically allowing access to npm, npx, openclaw, and curl for messaging, configuration, and setup tasks.
- [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection because it processes untrusted user chat messages and uses them to trigger actions through powerful system tools without defined boundary markers or sanitization logic.
- Ingestion points: The skill ingests user messages to understand intent and extract personal details (such as dates and preferences) for storage and later use.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between user-provided data and its own internal system instructions during processing.
- Capability inventory: The skill possesses extensive capabilities including Bash (npm, npx, openclaw, curl), Read, and Write tools, which could be exploited if malicious instructions within user messages are accidentally obeyed.
- Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided content before it is stored in the memory file or used to populate messages sent via tools.
Audit Metadata