clawhub-moderation
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is built to execute administrative tasks via the
bun run admincommand. This includes sensitive operations such as banning users, modifying user roles, and deleting organization publishers. These actions are restricted to local execution within a checked-out repository and rely on existing CLI authentication mechanisms. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it accepts various user-controlled inputs that are subsequently used in shell commands.
- Ingestion points: Placeholders such as
<slug>,<reason>,<handleOrId>, and<csv>inSKILL.mdare intended to be filled by the agent using data from user requests or external files. - Boundary markers: The instructions mandate clear boundary checks, such as requiring explicit confirmation from the user (
--yeslogic) and providing dry-run capabilities for email and organization deletion tasks. - Capability inventory: The skill uses
bun run adminto perform file and API operations across multiple script modules (skills, users, org, packages, email). - Sanitization: While the skill requires human confirmation and reasons for actions, it does not explicitly instruct the agent to escape or sanitize user-provided strings before they are interpolated into the shell commands.
Audit Metadata