skills/steipete/clawdis/coding-agent/Gen Agent Trust Hub

coding-agent

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines and encourages the use of an elevated: true parameter for the bash tool, which is described as allowing the execution of commands on the host system instead of within a restricted sandbox environment.
  • [REMOTE_CODE_EXECUTION]: Instructions mandate the use of flags such as --yolo (explicitly described as 'No sandbox, no approvals') and --permission-mode bypassPermissions for external CLI tools, which removes critical security guardrails and allows the agents to execute potentially malicious code without user intervention.
  • [EXTERNAL_DOWNLOADS]: The skill automates the installation of Node.js packages from external registries and provides instructions for cloning and executing code from arbitrary GitHub repositories (e.g., git clone https://github.com/user/repo.git).
  • [COMMAND_EXECUTION]: The notification logic constructs shell commands by interpolating variables like notifyTarget and notifyChannel into an openclaw message send command. This pattern is vulnerable to command injection if the input variables contain shell metacharacters.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of unverified third-party tools such as @earendil-works/pi-coding-agent, which is not from a known trusted source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 18, 2026, 02:11 AM
Security Audit — agent-trust-hub — coding-agent