coding-agent
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines and encourages the use of an
elevated: trueparameter for the bash tool, which is described as allowing the execution of commands on the host system instead of within a restricted sandbox environment. - [REMOTE_CODE_EXECUTION]: Instructions mandate the use of flags such as
--yolo(explicitly described as 'No sandbox, no approvals') and--permission-mode bypassPermissionsfor external CLI tools, which removes critical security guardrails and allows the agents to execute potentially malicious code without user intervention. - [EXTERNAL_DOWNLOADS]: The skill automates the installation of Node.js packages from external registries and provides instructions for cloning and executing code from arbitrary GitHub repositories (e.g.,
git clone https://github.com/user/repo.git). - [COMMAND_EXECUTION]: The notification logic constructs shell commands by interpolating variables like
notifyTargetandnotifyChannelinto anopenclaw message sendcommand. This pattern is vulnerable to command injection if the input variables contain shell metacharacters. - [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of unverified third-party tools such as
@earendil-works/pi-coding-agent, which is not from a known trusted source.
Recommendations
- AI detected serious security threats
Audit Metadata