skills/openclaw/fs-safe/crabbox/Gen Agent Trust Hub

crabbox

Pass

Audited by Gen Agent Trust Hub on Jul 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents standard CI/CD operations, including remote command execution and environment synchronization, which are consistent with the tool's primary purpose as an orchestration wrapper for the OpenClaw project.
  • [COMMAND_EXECUTION]: The skill provides instructions for using various CLI tools (e.g., crabbox, blacksmith, pnpm, node, brew) to manage test lifecycles. It includes specific commands for environment setup, such as using sudo to link binaries to the global path.
  • [CREDENTIALS_UNSAFE]: The skill explicitly promotes secure credential handling practices. It instructs the agent to avoid logging, printing, or persisting secrets in remote history and recommends direct, targeted environment injection for single-command execution.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the Crabbox CLI via Homebrew and synchronizes code checkouts from GitHub repositories (e.g., for PR validation). These operations target official project infrastructure and well-known developer services.
  • [REMOTE_CODE_EXECUTION]: The core functionality of the skill is to execute commands on remote AWS and Blacksmith Testbox instances. This capability is managed through authenticated tools and is used for intended validation and proof-of-work tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 12, 2026, 10:57 AM
Security Audit — agent-trust-hub — crabbox