ferrite
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The installation logic in src/commands/install.ts executes the openclaw CLI to manage plugins and system configuration. It also utilizes a detached Node.js process to perform a scheduled restart of the gateway service.
- [EXTERNAL_DOWNLOADS]: During setup, the skill fetches its own plugin package using the openclaw plugin manager, which is a legitimate operation for the verified vendor resource.
- [DATA_EXFILTRATION]: The skill manages sensitive API credentials and session tokens, reading and writing them to the protected ~/.ferrite/credentials.json file. It communicates with the vendor's infrastructure at api.useferrite.com for proxied requests and account status.
- [PROMPT_INJECTION]: The skill injects a routing directive into the agent's context via src/openclaw-plugin/hooks/prompt-routing.ts. These instructions steer the agent to prioritize the Ferrite gateway for external API tasks and define specific response styles.
- [PROMPT_INJECTION]: Analysis identifies an attack surface for indirect prompt injection as the skill processes data from third-party APIs.
  - (1) Ingestion points: Data enters through the ferrite_use and ferrite_search tools.
  - (2) Boundary markers: No explicit delimiters are used in the data processing flow.
  - (3) Capability inventory: High-privilege capabilities are available, including file operations on GitHub, Google, and Microsoft services, as well as instructions for local CLI tool execution in skills like agentscale.md.
  - (4) Sanitization: External content is not sanitized before interpolation into the agent context.