openclaw-design

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The autoreview script executes git, gh (GitHub CLI), and various AI agent CLIs (codex, claude, pi, opencode, cursor) to facilitate the code review process.\n- [COMMAND_EXECUTION]: The tool provides an optional --parallel-tests capability that executes user-supplied test commands in a shell environment concurrently with AI reviews.\n- [DATA_EXFILTRATION]: The autoreview tool collects source code, git diffs, and untracked files to send to external LLM providers for analysis as part of its core functionality.\n- [DATA_EXFILTRATION]: To protect sensitive information, the script incorporates an extensive secret detection engine that identifies API keys, tokens, and private keys using regex patterns before they are included in a review bundle.\n- [DATA_EXFILTRATION]: Path filtering is implemented to explicitly block access to sensitive directories such as .ssh, .aws, .gnupg, and private environment files.\n- [SAFE]: The skill employs strong isolation techniques for AI agents, including scrubbing the execution environment of host credentials and ensuring the repository under review cannot provide malicious binaries to the tool's execution PATH.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 05:52 PM
Security Audit — agent-trust-hub — openclaw-design