general
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and install software from external community registries, specifically `clawhub` and `skills.sh`. Content on these platforms is contributed by third parties and is not verified for security.
- [COMMAND_EXECUTION]: The assistant utilizes the `golembot` command-line tool to manage its environment, executing shell commands to search for, list, install, and remove skills.
- [REMOTE_CODE_EXECUTION]: The installation of skills from remote sources via `golembot skill add` constitutes a remote code execution vector. Maliciously crafted skills from these registries could execute arbitrary scripts on the host system upon installation or invocation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its reliance on external data and persistent memory.
  - Ingestion points: Untrusted data enters the context via `notes.md` (read at the start of sessions) and via search results from `golembot skill search`.
  - Boundary markers: There are no instructions to use delimiters or isolation protocols when incorporating data from `notes.md` or search registries into the active prompt.
  - Capability inventory: The skill has capabilities to read/write files and execute system commands to install new tools.
  - Sanitization: There is no logic provided to sanitize, escape, or validate content retrieved from external sources or previous persistent memory before it is processed by the agent.
Audit Metadata