migrate-nanoclaw
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The diagnostics.md file contains a hardcoded PostHog API key (phc_fx1Hhx9ucz8GuaJC8LVZWO8u03yXZZJJ6ObS4yplnaP) used for sending telemetry.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including git for repository management, launchctl for service control, and pnpm for building and testing code.
- [DATA_EXFILTRATION]: Collects system and environment information, such as OS platform, architecture, and Node.js versions, and sends this data to the PostHog analytics service (us.i.posthog.com).
- [DATA_EXFILTRATION]: The migration process involves accessing and symlinking sensitive configuration files, including the .env file, during the live test phase.
- [EXTERNAL_DOWNLOADS]: Downloads and installs external packages from the NPM registry via pnpm install during the validation phase.
- [PROMPT_INJECTION]: The skill analyzes untrusted repository content and diffs to generate a migration guide containing natural language instructions. These instructions are subsequently followed to modify the codebase, which presents a surface for indirect prompt injection.
  - Ingestion points: Reads files and git logs from the local repository in SKILL.md (Phase 1.3/1.4).
  - Boundary markers: No delimiters or instructions are used to ignore embedded malicious content within analyzed code snippets.
  - Capability inventory: The skill can write files, execute shell commands, and perform network requests.
  - Sanitization: There is no evidence of sanitization or validation of the implementation details extracted from the codebase before they are included in the guide.
Recommendations
- AI detected serious security threats
Audit Metadata