agent-doctor
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill is instructed to read the primary
openclaw.jsonconfiguration file and scan thememory/directory for API keys usinggrep -r "sk-", which provides access to sensitive credentials and environment data. - [COMMAND_EXECUTION]: The agent is provided with shell commands (using
sqlite3,jq, andsed) to perform "auto-fixes" on the system, including modifying core configuration files and manipulating the internal database. - [COMMAND_EXECUTION]: The diagnostic process includes commands to identify and terminate processes using specific ports (
lsof -ti:3000 | xargs kill -9), granting the agent process management capabilities. - [EXTERNAL_DOWNLOADS]: The skill's documentation and installation procedures suggest fetching remote scripts and resources via
curl,wget, andgit clonefrom external sources. - [COMMAND_EXECUTION]: The provided
auto-diagnostic.shscript utilizesevalto execute dynamically constructed command strings during the health check phase.
Audit Metadata