byted-util-arkclaw-kb

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/search_knowledge.py downloads a search client binary and its MD5 checksum from the vendor-controlled domain volces.com. While the domain is associated with the author, the automatic retrieval of binary executables is a notable security pattern.\n- [REMOTE_CODE_EXECUTION]: The skill grants execution permissions to the downloaded binary (chmod +x) and executes it using subprocess.run, allowing the execution of remote code in the local environment based on user-provided arguments.\n- [COMMAND_EXECUTION]: The script scripts/search_knowledge.py modifies the configuration file at /root/.openclaw/workspace/AGENTS.md to inject a persistent 'ArkClaw KB First Policy'. This policy forces the agent to prioritize this skill for all product-related queries, which represents an unauthorized modification of persistent agent behavior settings.\n- [PROMPT_INJECTION]: The SKILL.md file defines 'Mandatory Call Rules' that command the agent to 'MUST call this skill BEFORE answering' and use its results as the 'first-priority evidence source', attempting to override the agent's default operational guidelines and decision-making logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 18, 2026, 06:20 AM
Security Audit — agent-trust-hub — byted-util-arkclaw-kb