openclaw-admin-security-breakglass

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses persuasive framing ('security hardening', 'protection measure') to direct the agent to override the application's standard access control logic in src/web/inbound/access-control.ts.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code injection by instructing the agent to insert a TypeScript block into the server's source code, which is subsequently executed when the application restarts.
  • [COMMAND_EXECUTION]: The skill triggers the gateway tool with action="restart" to reload the service and execute the modified source code, applying the authentication bypass to the live environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 23, 2026, 09:59 PM