openclaw-test-performance

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables the execution of shell commands such as pnpm for testing and scripts/committer for version control operations.
  • [REMOTE_CODE_EXECUTION]: It utilizes the blacksmith CLI to run test suites on remote CI/CD infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill uses pnpm install to manage project dependencies, which involves fetching packages from the npm registry.
  • [PROMPT_INJECTION]: The agent is instructed to read various local AGENTS.md files as part of its workflow, representing an indirect prompt injection surface where documentation content could influence agent logic.
      • Ingestion points: Multiple AGENTS.md files including src/agents/AGENTS.md, src/channels/AGENTS.md, src/plugins/AGENTS.md, src/gateway/AGENTS.md, test/helpers/AGENTS.md, test/helpers/channels/AGENTS.md, and src/infra/outbound/AGENTS.md.
      • Boundary markers: The instructions do not specify the use of delimiters or sanitization when reading these files.
      • Capability inventory: The skill possesses extensive capabilities including file system modification, command execution, and remote job submission.
      • Sanitization: No content validation or escaping is applied to the data read from the local documentation files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 11:42 PM