Skills
skills/cinience/alicloud-skills/aliyun-openclaw-setup-test/Gen Agent Trust Hub

aliyun-openclaw-setup-test

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read ~/.openclaw/openclaw.json and check for the DISCORD_BOT_TOKEN environment variable. These are known locations for sensitive authentication tokens. Accessing these credentials makes them available in the agent's interaction context and may cause them to be recorded in the local output directory output/aliyun-openclaw-setup-test/.\n- [COMMAND_EXECUTION]: The skill uses several system commands including openclaw doctor and openclaw gateway status to validate the environment. The output of these commands, which can contain system-specific metadata and configuration details, is captured and saved to disk.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming data from external sources.\n
  • Ingestion points: Documentation from https://docs.openclaw.ai/channels/index and the output generated by the openclaw CLI.\n
  • Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from being influenced by potentially malicious instructions contained within the external documentation or CLI outputs.\n
  • Capability inventory: The skill is capable of reading local files, executing arbitrary shell commands through the openclaw CLI, and performing network requests.\n
  • Sanitization: No sanitization, validation, or filtering is applied to the content retrieved from the documentation website or command outputs before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 06:56 PM