unraid-xml-generator

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. User-supplied inputs such as container names, environment variables, volumes, and startup commands are interpolated directly into XML and shell command strings without sanitization.
  • Ingestion points: CLI arguments in scripts/generate_template.py (e.g., --name, --env, --startup-cmd).
  • Boundary markers: None present to separate user input from the XML/Shell template structure.
  • Capability inventory: The script has the ability to write files to sensitive system configuration paths (/boot/config/plugins/dockerMan/templates-user/).
  • Sanitization: Absent. The script uses Python f-strings for XML and shell command assembly without escaping special characters like quotes or angle brackets, allowing an attacker to break out of the intended XML structure or inject shell commands.
  • [COMMAND_EXECUTION]: The skill's primary purpose is to facilitate the execution of arbitrary shell commands within a Docker container by bypassing the image's default ENTRYPOINT using the <ExtraParams> and <PostArgs> fields in the generated XML.
  • [COMMAND_EXECUTION]: The script includes a --deploy feature that writes the generated XML configuration directly to the Unraid boot configuration directory (/boot/config/plugins/dockerMan/templates-user/). Writing to this path typically requires elevated privileges and affects the system's management interface.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 03:04 PM
Security Audit — agent-trust-hub — unraid-xml-generator