advanced-skill-creator
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Reference to a malicious URL flagged by automated scanners.
  - Evidence: Both `SKILL.md` and `scripts/advanced_skill_processor.py` reference `https://docs.clawd.bot/tools/skills`.
  - Context: Automated security scans (URLite) have flagged this domain for botnet-related activity (Botnet|UR3BA220620CBB01B2-0200).
- [PROMPT_INJECTION]: Presence of persona manipulation instructions and a significant indirect injection attack surface.
  - Persona Manipulation: The 'System Prompt Integration' section in `SKILL.md` uses role-play prompts ('You are now an OpenClaw... expert') to override the agent's identity and instructions.
  - Indirect Injection Surface:
    - (1) Ingestion points: The skill's core research flow (Steps 2 and 3) requires the agent to browse and process content from untrusted sources such as ClawHub and GitHub.
    - (2) Boundary markers: Absent. No instructions are provided to delineate untrusted content or to ignore potential instructions embedded within researched skills.
    - (3) Capability inventory: The skill metadata requires `python3` and `bash` capabilities, and the provided Python script imports the `subprocess` module.
    - (4) Sanitization: Absent. The skill lacks any mechanism to validate or sanitize external data before fusing it into recommended code outputs.
- [COMMAND_EXECUTION]: The skill requires environment permissions to execute local scripts.
  - Evidence: The `SKILL.md` metadata explicitly requests `python3` and `bash` binaries.
  - Implementation: The skill includes a functional Python script `scripts/advanced_skill_processor.py` designed to be executed during the skill creation process.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata