cli-anything-openclaw
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a 'native_api' backend that allows the agent to execute arbitrary shell commands and subprocesses as part of defined macro workflows.
- [COMMAND_EXECUTION]: The system uses string interpolation (e.g., '${output}') to build commands from user-supplied parameters, which is a standard execution pattern but creates a risk if the input is not validated.
- [PROMPT_INJECTION]: The skill exhibits vulnerability surfaces for indirect prompt injection:
  - Ingestion points: Untrusted data enters the context through CLI parameters (--param) and macro definition YAML files loaded from the local file system.
  - Boundary markers: There are no documented delimiters or instructions to ignore embedded commands within the parameters or YAML files.
  - Capability inventory: The skill has access to shell execution (native_api), file transformations (file_transform), and GUI automation backends.
  - Sanitization: The documentation does not specify any sanitization, escaping, or validation logic for data before it is interpolated into shell commands.
Audit Metadata