Skills
skills/qwibitai/nanoclaw/manage-channels/Gen Agent Trust Hub

manage-channels

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to read the .env file to retrieve 'channel tokens'. It also directs the agent to query the central database for user roles and IDs, which constitutes an exposure of sensitive configuration and access control data.
  • [COMMAND_EXECUTION]: Multiple shell commands are utilized via pnpm exec tsx setup/index.ts. These commands incorporate several parameters derived from user input, such as platform IDs and folder names, creating a potential surface for command injection if the underlying setup script does not implement strict validation.
  • [DATA_EXFILTRATION]: The instructions require the agent to access and summarize data from data/v2.db and source code files (src/channels/index.ts). This provides the agent with deep access to the application's internal state and infrastructure details.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 26, 2026, 09:50 PM
Security Audit — agent-trust-hub — manage-channels