Skills
skills/malue-ai/dazee-small/canvas/Gen Agent Trust Hub

canvas

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation provides instructions for the agent to execute shell commands using cat, jq, tailscale, lsof, and sed to manage local configuration at ~/.clawdbot/moltbot.json, monitor network interfaces, and verify port binding.
  • [REMOTE_CODE_EXECUTION]: The skill defines an eval action that allows arbitrary JavaScript code to be executed within the WebView component of connected nodes.
  • [DATA_EXFILTRATION]: A snapshot action is available, which enables the agent to capture screenshots of the canvas on remote devices, potentially exposing data displayed in the WebView.
  • [DYNAMIC_EXECUTION]: The 'Live Reload' feature automatically monitors the file system and injects a WebSocket client into HTML files served by the Canvas Host to facilitate real-time updates.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references the use of the chokidar Node.js package for file system watching during runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 02:08 AM