transcript
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The authentication script scripts/tapi-auth.js implements a persistence mechanism by modifying shell configuration and environment files across multiple platforms.
  - Evidence: The script automatically modifies .zshenv, .zprofile, .profile, .bashrc, .config/environment.d/transcript-api.conf, .config/fish/config.fish, and Windows PowerShell profiles to inject environment variables.
- [CREDENTIALS_UNSAFE]: The skill stores sensitive API keys in plain text within numerous shell profiles and agent configuration files, increasing the potential exposure of the user's credentials.
  - Affected files include: ~/.openclaw/openclaw.json, ~/.clawdbot/moltbot.json, and various shell RC files.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external content (YouTube transcripts) with broad system capabilities.
  - Ingestion points: YouTube transcript text fetched via the transcriptapi.com API in SKILL.md.
  - Boundary markers: Absent; there are no instructions to the agent to distinguish between its commands and the transcript content.
  - Capability inventory: Capability to execute shell commands (curl) and perform file-system write operations through the bundled Node.js script.
  - Sanitization: Absent; the skill does not validate or filter the transcript content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata