awesome-openclaw-agents-templates
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone an external GitHub repository (https://github.com/mergisi/awesome-openclaw-agents.git) and install dependencies using `npm install`. This repository is not from a verified or well-known organization.
- [REMOTE_CODE_EXECUTION]: By encouraging the cloning and execution of scripts (`node bot.js`) from an unverified repository, the skill facilitates potential remote code execution of third-party content.
- [COMMAND_EXECUTION]: The documentation includes shell commands for environment setup and agent deployment (e.g., `openclaw agents add`, `docker-compose up`) which involve executing instructions that manage the local system environment and install external software.
- [PROMPT_INJECTION]: The skill provides templates for agents (like PR reviewers and support bots) that process untrusted external data, creating a surface for indirect prompt injection.
  - Ingestion points: Templates in `SKILL.md` designed to read PR diffs, blog topics, and customer support requests.
  - Boundary markers: Absent in the provided `SOUL.md` templates.
  - Capability inventory: File system writes (`fs.writeFileSync`), network operations (`fetch`, `openai.chat.completions`), and tool integrations (Slack, GitHub, Zendesk).
  - Sanitization: No sanitization, validation, or escaping of external content is present in the templates.
Audit Metadata