Skills
skills/steipete/clawdis/clawdtributor/Gen Agent Trust Hub

clawdtributor

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes local command-line utilities including gh (GitHub CLI), sqlite3, and perl to perform repository triage and data processing. These tools are used for their intended purposes within the OpenClaw project context.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes untrusted data from external platforms.
  • Ingestion points: Reads Discord message content from a local database (discrawl.db) and GitHub PR/Issue metadata (titles, bodies, comments) via API calls.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions to separate untrusted data from the agent's core instructions.
  • Capability inventory: The skill uses sqlite3, gh, and discrawl to read and potentially interact with project data, alongside perl for string manipulation.
  • Sanitization: No specific sanitization or validation logic is applied to the untrusted content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:47 PM
Security Audit — agent-trust-hub — clawdtributor