openclaw-assets-to-workbuddy
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses highly sensitive directories and files, including `~/.openclaw/credentials/`, `oauth.json`, and `.env` files. While the stated goal is local migration, reading these files exposes them to the agent's context.
- [CREDENTIALS_UNSAFE]: The instructions specifically detail the extraction and migration of secrets such as `appSecret`, `botToken`, `appKey`, `apiKey`, and `encryptKey` from the source platform to the destination configuration.
- [COMMAND_EXECUTION]: The skill provides example configurations for MCP servers that involve executing shell commands (e.g., `npx @playwright/mcp@latest`). If the migration source is compromised, it could lead to the execution of malicious commands during the configuration setup.
- [PROMPT_INJECTION]: The skill performs "merging" and "absorption" of content from untrusted user-controlled files like `MEMORY.md`, `SOUL.md`, and `IDENTITY.md`. This represents an indirect prompt injection surface where malicious instructions hidden in the source files could influence the agent's behavior during or after migration.
  - Ingestion points: Files located in `~/.openclaw/workspace/` (`SOUL.md`, `MEMORY.md`, etc.) and `~/.openclaw/credentials/`.
  - Boundary markers: The skill instructs the agent to "merge" and "absorb" rather than strictly delimit, though it does prioritize existing WorkBuddy content.
  - Capability inventory: The skill allows reading and writing to sensitive system paths (`~/.workbuddy`, IDE settings, etc.).
  - Sanitization: No explicit sanitization of the content being merged is mentioned beyond conflict resolution strategies.