Skills
skills/188080501/jqopenclaw/jqopenclaw-node-invoker/Gen Agent Trust Hub

jqopenclaw-node-invoker

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The node.selfUpdate capability allows the agent to download an executable from a user-provided URL and run it via a generated batch script, representing a classic remote code execution and downloader pattern.
  • [COMMAND_EXECUTION]: The system.run and process.exec capabilities provide mechanisms for executing arbitrary programs and scripts on the target node with support for arguments and environment variables.
  • [COMMAND_EXECUTION]: The system.input capability allows the agent to simulate mouse movements, clicks, and keyboard typing, which can be used to bypass certain security controls or perform unauthorized actions in a graphical user interface.
  • [COMMAND_EXECUTION]: The process.manage capability permits searching for and terminating running processes, which could be used to disable security software or interrupt critical system services.
  • [EXTERNAL_DOWNLOADS]: The node.selfUpdate functionality accepts an arbitrary downloadUrl parameter to fetch executable content from the network.
  • [COMMAND_EXECUTION]: The file.write capability provides broad access to the file system, including writing, moving, and deleting files and directories, which can lead to data loss or system instability if misused.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 03:20 PM