skills/openclaw/peekaboo/crabbox/Gen Agent Trust Hub

crabbox

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides extensive instructions for executing complex shell commands and scripts locally. Examples include using pnpm, node, and the crabbox CLI to manage remote environments and run test suites.
  • [REMOTE_CODE_EXECUTION]: As its primary function, the skill enables and documents the execution of arbitrary code on remote hosts managed by AWS, Blacksmith Testbox, or reached via SSH. It specifically details flags for uploading scripts (--script) and executing shell strings (--shell) on these remote targets.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the Crabbox CLI via a vendor-specific Homebrew tap (openclaw/tap/crabbox) and directs authentication and orchestration traffic to the vendor's coordinator at https://crabbox.openclaw.ai.
  • [DATA_EXFILTRATION]: The orchestration tool includes built-in functionality to redirect and capture remote process output to local files (--capture-stdout, --capture-stderr) and automatically download remote test artifacts or logs when processes fail (--capture-on-fail). This is standard behavior for a CI/orchestration utility but represents a data movement vector from remote to local systems.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:12 PM
Security Audit — agent-trust-hub — crabbox