integrate-openclaw
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code examples for a voice-to-brain integration. It includes explicit security warnings regarding the operator-grade nature of gateway credentials and recommends isolation via loopback bindings and per-agent tool policies.
- [PROMPT_INJECTION]: The skill architecture involves processing untrusted caller input and forwarding it to an LLM-backed gateway (OpenClaw), creating an indirect prompt injection surface. 1. Ingestion points: Untrusted caller data enters via the
request_textfield in theadapter.pyandadapter.tsscripts. 2. Boundary markers: Absent (uses string interpolation:f"[caller={caller}] {request_text}"). 3. Capability inventory: The adapter performs network operations (HTTP POST) to the OpenClaw gateway. 4. Sanitization: Response truncation is implemented, but input sanitization for the model request is not explicitly shown in the example. - [EXTERNAL_DOWNLOADS]: The documentation references the
patter-mcprepository (github.com/PatterAI/patter-mcp) for outbound call functionality. This is a vendor-owned resource used for the intended purpose of the skill.
Audit Metadata