openclaw-design-audit
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a well-defined audit workflow with clear boundaries for automated actions. It focuses on design compliance and uses deterministic rubrics to guide its analysis.
- [COMMAND_EXECUTION]: Employs standard Git and GitHub CLI (
gh) commands to manage audit branches and Pull Requests. These commands are used as intended for repository automation and do not involve unsanitized user input in a dangerous context. - [EXTERNAL_DOWNLOADS]: Interacts with vendor-owned repositories, such as
openclaw/clawhubandopenclaw-carapace. These interactions are legitimate for fetching design system definitions and delivering audit reports. - [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. The skill's network operations are restricted to standard repository management within the authorized vendor environment.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests frontend source code for auditing. The risk of instructions embedded in the code influencing the agent is mitigated by the 'Audit Fix Policy', which restricts automated changes to narrow, mechanical fixes and requires human review for broader architectural or visual changes.
Audit Metadata