jarvis-mission-control
Fail
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The configuration file
ecosystem.config.cjscontains several hardcoded plaintext secrets, including a login password (MC_AUTH_PASS) and two high-entropy authentication tokens (MC_AGENT_TOKENandOPENCLAW_GATEWAY_TOKEN) represented as hex strings. - [COMMAND_EXECUTION]: The server implementation in
server/index.jsprovides an API endpoint at/api/cli/runwhich usesexecFileto execute a whitelist of system and application commands. While restricted to specific commands likeopenclawanduptime, this represents a significant capability for interacting with the underlying host system. - [EXTERNAL_DOWNLOADS]: The script
scripts/update-mission-control.shis designed to download a ZIP archive from a remote vendor URL (missiondeck.ai) and unzip it over the current installation directory, facilitating unverified remote code updates. - [PROMPT_INJECTION]: The skill instructions and documentation in
SKILL.mdandSECURITY.mdcontain self-referential safety claims (e.g., "Security-audited: 0 HIGH, 0 CRITICAL") and instructions to agents regarding their behavior. Additionally, the skill presents a vulnerability surface for indirect injection as it ingests untrusted data from sources like Telegram and the API without robust boundary markers. - Ingestion points:
server/index.js(task and message creation),server/telegram-bridge.js(parsing mentions). - Boundary markers: Absent for external task/comment content.
- Capability inventory:
execFilecommand execution inserver/index.js, file-system write access for task persistence. - Sanitization: Partial sanitization via
sanitizeInputwhich strips specific characters.
Recommendations
- AI detected serious security threats
Audit Metadata