configure-openclaw

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a 'CLI Command Gateway' mode that allows users to provide arbitrary shell command strings. In the testing phase (Step 7), the agent is instructed to replace placeholders and execute these user-provided commands, which enables arbitrary system command execution.
  • [CREDENTIALS_UNSAFE]: The configuration workflow prompts users for sensitive authentication data, such as Bearer tokens and custom headers. These secrets are stored in cleartext in the ~/.codex/.omx-config.json file and are subsequently used in curl commands, potentially exposing them in system logs or process lists.
  • [EXTERNAL_DOWNLOADS]: The skill uses the curl utility to send JSON payloads to user-specified HTTP endpoints. The interpolation of user-provided URLs and header values into these shell-based network requests introduces a risk of command injection if the inputs contain shell metacharacters.
  • [PROMPT_INJECTION]: This skill is vulnerable to indirect prompt injection as it ingests untrusted data through user prompts (Steps 3A, 3B) and uses that data in highly capable operations without sufficient sanitization. Ingestion points include the AskUserQuestion calls for URLs and shell commands. There are no boundary markers or instructions to ignore embedded commands. Capability inventory includes file-writing via jq, network operations via curl, and arbitrary shell execution. Sanitization is limited to a basic prefix check for URLs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 05:24 AM