Skills
skills/openhands/skills/agent-canvas-environment/Gen Agent Trust Hub

agent-canvas-environment

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a sensitive local credential file at $HOME/.openhands/agent-canvas/api-key.txt to retrieve authentication tokens for the local backend.
  • [COMMAND_EXECUTION]: The skill provides shell script templates that use curl and jq to interact with a local API service at http://localhost:8001.
  • [DATA_EXFILTRATION]: While the skill interacts with a local backend (localhost), it handles session API keys which are passed via the X-Session-API-Key header in network requests.
  • [COMMAND_EXECUTION]: The delegation mechanism instructs the agent to create new conversations with confirmation_policy: {kind: "NeverConfirm"} and initial_message.run: true, which enables autonomous task execution without user oversight in the delegated environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 08:20 AM
Security Audit — agent-trust-hub — agent-canvas-environment