jarvis-mission-control

Fail

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The configuration file ecosystem.config.cjs contains several hardcoded plaintext secrets, including a login password (MC_AUTH_PASS) and two high-entropy authentication tokens (MC_AGENT_TOKEN and OPENCLAW_GATEWAY_TOKEN) represented as hex strings.
  • [COMMAND_EXECUTION]: The server implementation in server/index.js provides an API endpoint at /api/cli/run which uses execFile to execute a whitelist of system and application commands. While restricted to specific commands like openclaw and uptime, this represents a significant capability for interacting with the underlying host system.
  • [EXTERNAL_DOWNLOADS]: The script scripts/update-mission-control.sh is designed to download a ZIP archive from a remote vendor URL (missiondeck.ai) and unzip it over the current installation directory, facilitating unverified remote code updates.
  • [PROMPT_INJECTION]: The skill instructions and documentation in SKILL.md and SECURITY.md contain self-referential safety claims (e.g., "Security-audited: 0 HIGH, 0 CRITICAL") and instructions to agents regarding their behavior. Additionally, the skill presents a vulnerability surface for indirect injection as it ingests untrusted data from sources like Telegram and the API without robust boundary markers.
  • Ingestion points: server/index.js (task and message creation), server/telegram-bridge.js (parsing mentions).
  • Boundary markers: Absent for external task/comment content.
  • Capability inventory: execFile command execution in server/index.js, file-system write access for task persistence.
  • Sanitization: Partial sanitization via sanitizeInput which strips specific characters.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 26, 2026, 07:51 AM
Security Audit — agent-trust-hub — jarvis-mission-control