openclaw-china-integration
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs several Node.js packages from the @openclaw-china scope to provide connectivity with platforms like DingTalk, QQ, and WeChat.\n- [REMOTE_CODE_EXECUTION]: Recommends using
npx @openclaw-china/setupfor an interactive configuration and environment setup process.\n- [COMMAND_EXECUTION]: Includes instructions for running installation and setup commands within the terminal.\n- [PROMPT_INJECTION]: The skill implements a processing flow that takes messages from external platforms and passes them to the agent, creating an indirect prompt injection surface.\n - Ingestion points: Message event handlers in
SKILL.mdfor incoming platform content.\n - Boundary markers: None are defined in the provided code snippets.\n
- Capability inventory: Includes message sending, media downloading via
downloadMedia, and proactive messaging.\n - Sanitization: No sanitization of incoming text content is demonstrated in the integration examples.
Audit Metadata