skills/aliyun/alibabacloud-aiops-skills/alibabacloud-openclaw-skill-security-scan/Gen Agent Trust Hub
alibabacloud-openclaw-skill-security-scan
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates security scans by executing local shell scripts (
main.sh,basic_udf.sh,skill_zip_packager.sh) and theopenclawCLI. These operations are necessary to perform file-system analysis and environmental audits as described in its purpose. - [DATA_EXFILTRATION]: As part of its 'Cloud Deep Analysis' feature, the skill packages target skill directories into ZIP files and uploads them to
riskpunish.aliyuncs.com. While this involves transmitting local code to a remote server, it is a documented function of the scanner, and the destination is a legitimate security endpoint owned by the vendor (Aliyun). - [EXTERNAL_DOWNLOADS]: The skill interacts with Alibaba Cloud's security services at
riskpunish.aliyuncs.comto query file reputation and perform deep scanning. These network operations are limited to official vendor domains and are essential for providing cloud-enhanced security intelligence. - [PROMPT_INJECTION]: The
references/skillaudit.mdfile andscripts/main.shcontain various prompt injection strings and jailbreak patterns (e.g., 'ignore previous instructions', 'DAN'). These are present as reference benchmarks for the static analysis engine to detect risks in other skills and do not represent a threat within this skill itself.
Audit Metadata