openclaw-testing
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a wide range of local shell commands to manage development tasks. This includes executing pnpm for package management (`pnpm install`), running Vitest suites (`pnpm test:changed`), and performing code quality checks (`pnpm check`). It also utilizes specialized repo scripts like `scripts/committer` for git operations.
- [COMMAND_EXECUTION]: It heavily relies on the GitHub CLI (`gh`) to interact with remote workflows. Commands such as `gh run view --log` and `gh workflow run` are used to manage CI status and trigger release validation processes.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch external data from GitHub, including CI job logs and E2E test artifacts. The `pnpm test:docker:rerun` utility specifically downloads `summary.json` and `failures.json` files from previous GitHub Action runs to generate targeted rerun commands.
- [PROMPT_INJECTION]: The skill contains logic to process data from external GitHub logs and JSON artifacts, which represents an indirect prompt injection surface.
  - Ingestion points: GitHub Action logs fetched via `gh run view --log` and Docker E2E artifacts (`summary.json`).
  - Boundary markers: None present in the instructions for log analysis.
  - Capability inventory: The skill has access to shell execution (`pnpm`, `gh`, `git`) and file system writes for release evidence.
  - Sanitization: No explicit sanitization or validation of the ingested log content is described.
- [SAFE]: The operations described are consistent with the intended purpose of a developer-oriented tool for CI/CD management. The skill explicitly instructs the agent not to store secrets in git and includes instructions for using configured environment tokens securely.