crabbox
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive instructions for executing complex shell commands and scripts locally. Examples include using
pnpm,node, and thecrabboxCLI to manage remote environments and run test suites. - [REMOTE_CODE_EXECUTION]: As its primary function, the skill enables and documents the execution of arbitrary code on remote hosts managed by AWS, Blacksmith Testbox, or reached via SSH. It specifically details flags for uploading scripts (
--script) and executing shell strings (--shell) on these remote targets. - [EXTERNAL_DOWNLOADS]: The skill references the installation of the Crabbox CLI via a vendor-specific Homebrew tap (
openclaw/tap/crabbox) and directs authentication and orchestration traffic to the vendor's coordinator athttps://crabbox.openclaw.ai. - [DATA_EXFILTRATION]: The orchestration tool includes built-in functionality to redirect and capture remote process output to local files (
--capture-stdout,--capture-stderr) and automatically download remote test artifacts or logs when processes fail (--capture-on-fail). This is standard behavior for a CI/orchestration utility but represents a data movement vector from remote to local systems.
Audit Metadata