clickclack
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to perform administrative tasks using root access over SSH to a public IP address (157.90.237.80).
- [DATA_EXFILTRATION]: The deployment instructions include a command to dump all environment variables from a running container into a file (`docker inspect clickclack --format '{{range .Config.Env}}{{println .}}{{end}}' > /root/clickclack.env.current`). This process exposes potentially sensitive credentials like API keys, database passwords, and OAuth tokens to the filesystem and agent context.
- [COMMAND_EXECUTION]: The skill provides numerous high-risk shell commands for managing production infrastructure, including stopping and removing containers, modifying system configuration files like the Caddyfile, and performing destructive file operations.
- [REMOTE_CODE_EXECUTION]: The deployment workflow uses a pipeline to stream a git archive directly into a remote shell (`git archive ... | ssh root@157.90.237.80 "..."`), which executes the archive extraction and other commands on the remote production server.
- [EXTERNAL_DOWNLOADS]: The skill fetches code and configuration from an external, third-party GitHub repository (`github.com/openclaw/clickclack`) during the deployment process.
Recommendations
- AI detected serious security threats
Audit Metadata