openclaw-security-practice-guide
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The instructions demonstrate and suggest the execution of remote scripts using "curl | bash" and "wget | sh" patterns, which are high-risk vectors for arbitrary code execution.
- [COMMAND_EXECUTION]: The skill automates the creation and execution of shell scripts for system-wide auditing and baseline monitoring, including modifications to the user's crontab for persistence.
- [DATA_EXFILTRATION]: Automated audit scripts access sensitive system locations, such as "~/.ssh/authorized_keys", and monitor SUID files, which could potentially expose cryptographic keys or system vulnerabilities if redirected.
- [EXTERNAL_DOWNLOADS]: The skill fetches security guides and documentation from external GitHub repositories associated with the SlowMist organization.
- [PROMPT_INJECTION]: By instructing the agent to 'read this security guide' and 'identify any risks' from an external markdown file without proper boundary markers or sanitization, the skill creates a surface for indirect prompt injection where a compromised guide could influence agent behavior. (Ingestion: SKILL.md; Capabilities: rm, chmod, shell execution; Boundary/Sanitization: Absent).
Recommendations
- HIGH: Downloads and executes remote code from: https://example.com/script.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata