skills/fly0pants/adclaw/admapix/Gen Agent Trust Hub

admapix

Fail

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a complex shell-based polling loop to check the status of deep research tasks. This loop uses echo "$r" to output the raw JSON response from the remote server. If the server returns malicious content containing command substitutions (such as backticks or $()), it could lead to arbitrary command execution on the user's system when the agent processes the script.
  • [CREDENTIALS_UNSAFE]: The skill instructions contain a hardcoded authentication token (Authorization: Bearer test-local-token-2026) used for accessing the deep research backend. Hardcoding static credentials in instructions is a major security risk as they can be misused or exposed.
  • [DATA_EXFILTRATION]: During the 'Deep Research' workflow, the skill is instructed to send the user's ADMAPIX_API_KEY to the remote endpoint deepresearch.admapix.com. Although this is part of the vendor's infrastructure, it involves transmitting sensitive authentication credentials to an additional remote service.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data and analysis results from deepresearch.admapix.com. While this domain belongs to the vendor, the method used to process the downloaded task data introduces significant security concerns.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is instructed to 'take output.summary (already formatted as bullet points) and present it directly' from the research framework. Since this summary is generated from external data sources by a remote system, it could contain malicious instructions designed to hijack the agent's behavior. The instructions lack boundary markers or sanitization for this external content.
      • Ingestion points: The output.summary field from the JSON response at deepresearch.admapix.com/research/{task_id} (documented in SKILL.md).
      • Boundary markers: None. The instructions tell the agent to present the content 'directly'.
      • Capability inventory: The skill can execute shell commands (curl, grep, cut, echo), perform network operations, and modify the agent's configuration (openclaw config set).
      • Sanitization: None. There is no evidence of escaping, validation, or filtering of the remote content before it is processed.
Recommendations
  • HIGH: Downloads and executes remote code from: https://deepresearch.admapix.com/research/{task_id} - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 26, 2026, 12:12 AM