crabbox
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes the
crabboxCLI,pnpmscripts, and local repository scripts (e.g.,scripts/crabbox-wrapper.mjs,scripts/macos-host-region-preflight.sh) to manage remote testing leases and environment hydration. - [EXTERNAL_DOWNLOADS]: Instructs the agent to install the
crabboxtool via Homebrew (openclaw/tap/crabbox) and communicates with remote orchestration backends such as AWS, Hetzner, and Blacksmith Testbox. - [COMMAND_EXECUTION]: Utilizes
sudowithin remote host setup instructions to create symbolic links for binaries (e.g.,sudo ln -sf ... /usr/local/bin/), which is consistent with the skill's purpose for CI/CD and test environment management. - [PROMPT_INJECTION]: Ingests and processes untrusted data from GitHub Pull Requests (
--fresh-pr) and external command outputs, representing a surface for indirect prompt injection. This risk is inherent to the testing orchestration use case and is addressed through specific instructions for monitoring and verification.
Audit Metadata