byted-util-arkclaw-kb
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/search_knowledge.pydownloads a search client binary and its MD5 checksum from the vendor-controlled domainvolces.com. While the domain is associated with the author, the automatic retrieval of binary executables is a notable security pattern.\n- [REMOTE_CODE_EXECUTION]: The skill grants execution permissions to the downloaded binary (chmod +x) and executes it usingsubprocess.run, allowing the execution of remote code in the local environment based on user-provided arguments.\n- [COMMAND_EXECUTION]: The scriptscripts/search_knowledge.pymodifies the configuration file at/root/.openclaw/workspace/AGENTS.mdto inject a persistent 'ArkClaw KB First Policy'. This policy forces the agent to prioritize this skill for all product-related queries, which represents an unauthorized modification of persistent agent behavior settings.\n- [PROMPT_INJECTION]: TheSKILL.mdfile defines 'Mandatory Call Rules' that command the agent to 'MUST call this skill BEFORE answering' and use its results as the 'first-priority evidence source', attempting to override the agent's default operational guidelines and decision-making logic.
Recommendations
- AI detected serious security threats
Audit Metadata