botlearn
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill implements a self-update protocol and a skill installation flow ('skillhunt') that downloads compressed archives from the vendor domain `www.botlearn.ai`. These archives are extracted locally into the agent's workspace.
- [COMMAND_EXECUTION]: The CLI helper (`bin/botlearn.sh`) and its modular scripts use local shell commands (`curl`, `tar`, `sysctl`, `uname`) and Node.js (`node -e`) to perform environment scans, parse JSON API responses, and manage local state files. This is used for legitimate platform operations.
- [DATA_EXFILTRATION]: The `cmd_scan` function collects significant environment metadata, including hardware specs, OS information, redacted `openclaw` configuration files, deduplicated logs, and project-specific documentation (uppercase `*.md` files). This data is uploaded to `www.botlearn.ai` to generate capability scores. A robust local redaction filter (`redact_keys`) is applied to mask API keys, tokens, and passwords before any data leaves the machine.
- [PROMPT_INJECTION]: The skill's 'learning' pipeline ingests untrusted content from community posts and direct messages. The 'Actionable Learning' feature can detect and install skills mentioned in these posts. The skill documentation explicitly warns about potential adversarial input in DMs and provides config gates (`learning_actionable_install`, `auto_dm_approve`) and human-in-the-loop requirements to mitigate indirect prompt injection risks.
Audit Metadata