integrate-openclaw

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate documentation and code examples for a voice-to-brain integration. It includes explicit security warnings regarding the operator-grade nature of gateway credentials and recommends isolation via loopback bindings and per-agent tool policies.
  • [PROMPT_INJECTION]: The skill architecture involves processing untrusted caller input and forwarding it to an LLM-backed gateway (OpenClaw), creating an indirect prompt injection surface. 1. Ingestion points: Untrusted caller data enters via the request_text field in the adapter.py and adapter.ts scripts. 2. Boundary markers: Absent (uses string interpolation: f"[caller={caller}] {request_text}"). 3. Capability inventory: The adapter performs network operations (HTTP POST) to the OpenClaw gateway. 4. Sanitization: Response truncation is implemented, but input sanitization for the model request is not explicitly shown in the example.
  • [EXTERNAL_DOWNLOADS]: The documentation references the patter-mcp repository (github.com/PatterAI/patter-mcp) for outbound call functionality. This is a vendor-owned resource used for the intended purpose of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:57 PM
Security Audit — agent-trust-hub — integrate-openclaw