clawhub-moderation

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is built to execute administrative tasks via the bun run admin command. This includes sensitive operations such as banning users, modifying user roles, and deleting organization publishers. These actions are restricted to local execution within a checked-out repository and rely on existing CLI authentication mechanisms.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it accepts various user-controlled inputs that are subsequently used in shell commands.
  • Ingestion points: Placeholders such as <slug>, <reason>, <handleOrId>, and <csv> in SKILL.md are intended to be filled by the agent using data from user requests or external files.
  • Boundary markers: The instructions mandate clear boundary checks, such as requiring explicit confirmation from the user (--yes logic) and providing dry-run capabilities for email and organization deletion tasks.
  • Capability inventory: The skill uses bun run admin to perform file and API operations across multiple script modules (skills, users, org, packages, email).
  • Sanitization: While the skill requires human confirmation and reasons for actions, it does not explicitly instruct the agent to escape or sanitize user-provided strings before they are interpolated into the shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 03:30 PM
Security Audit — agent-trust-hub — clawhub-moderation