skills/openclaw/wacli/crabbox/Gen Agent Trust Hub

crabbox

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands and scripts on remote infrastructure (AWS, Blacksmith Testbox, SSH targets) and local environments. This includes executing local JavaScript scripts and pnpm commands as part of CI and testing workflows.
  • [EXTERNAL_DOWNLOADS]: The instructions reference installing the Crabbox CLI from a vendor-controlled Homebrew tap and authenticating with the vendor's service at https://crabbox.openclaw.ai.
  • [DATA_EXFILTRATION]: The skill provides mechanisms to forward environment variables, such as API keys, to remote test environments. While it includes explicit instructions to redact and avoid logging these secrets, the capability to transmit credentials to remote hosts is a core feature of the tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 08:07 PM
Security Audit — agent-trust-hub — crabbox