parallels-discord-roundtrip

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The execution instructions include a shell command that uses ssh to retrieve a Discord token from a configuration file located at ~/.openclaw/openclaw.json on a specific remote host (peters-mac-studio-1). Accessing secret tokens from configuration files in hidden directories is a sensitive operation.
  • [COMMAND_EXECUTION]: The skill uses pnpm and prlctl to execute test suites and manage virtual machine snapshots. This involves direct shell command execution on the host and within the guest environment.
  • [PROMPT_INJECTION]: The skill implements an end-to-end roundtrip that involves reading messages from a Discord channel using the openclaw message read command. This introduces an indirect prompt injection risk where untrusted content from the chat history could influence agent behavior.
  • Ingestion points: The openclaw message read command (SKILL.md).
  • Boundary markers: No specific delimiters or safety instructions are provided to isolate the ingested Discord messages from the agent's instructions.
  • Capability inventory: The skill utilizes shell execution via pnpm, prlctl exec, and ssh (SKILL.md).
  • Sanitization: There is no evidence of sanitization or validation of the content read from the Discord channel.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — parallels-discord-roundtrip