openclaw-admin-vue
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes a link to an official documentation site at
https://claw.227727.xyz. This domain has been identified as malicious and blacklisted by automated reputation scanners. - [REMOTE_CODE_EXECUTION]: The installation instructions for the Hermes Agent integration use a high-risk pattern (
curl | bash) to download and execute a script from a remote GitHub repository. This method provides no opportunity for the user or system to verify the integrity or safety of the code before execution. - [COMMAND_EXECUTION]: The skill implements a 'Web CLI Terminal' using xterm.js, which provides a full terminal interface for the Hermes CLI. This allows for the execution of arbitrary commands on the host system where the gateway is deployed, creating a significant attack surface if the interface is exposed or compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way it processes external data.
- Ingestion points: Untrusted data enters the agent context through session metadata, chat message streams, and memory document updates (
memoryApi). - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill possesses powerful capabilities including terminal execution, file system management, and scheduled task triggering.
- Sanitization: No sanitization or validation logic is present to filter malicious instructions from user-provided or external content before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata