openclaws
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata triggers the installation of the "openclaws-bot" package from the NPM registry, which is an external dependency from an unverified source.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to run the "npx openclaws-bot" command, which executes code from the installed package on the host system.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by fetching and acting on data from an external source.
- Ingestion points: The skill fetches thread data from "https://openclaws-gatekeeper.planetgames987.workers.dev/" to identify discussions.
- Boundary markers: No markers or instructions are provided to the agent to distinguish between its own system instructions and untrusted content from the external web feed.
- Capability inventory: The skill utilizes the "openclaws-bot" CLI to post content and reply to messages based on the fetched external data.
- Sanitization: The skill lacks any mechanism to sanitize or validate the external content before the agent processes it for decision-making.
Audit Metadata