migrate-nanoclaw

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell operations to manage migrations. This includes Git commands (checkout, fetch, worktree, reset, stash), package management (pnpm install/build/test), and service management (launchctl, systemctl).
  • [EXTERNAL_DOWNLOADS]: The skill implements a self-refresh mechanism in Phase 0 that fetches its own updated instructions from the upstream repository at https://github.com/nanocoai/nanoclaw.git using git checkout.
  • [CREDENTIALS_UNSAFE]: The diagnostics.md file contains a hardcoded PostHog Project API Key (phc_fx1Hhx9ucz8GuaJC8LVZWO8u03yXZZJJ6ObS4yplnaP). While such keys are often intended for client-side use, it is a hardcoded identifier.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it analyzes untrusted repository code to generate migration instructions.
  • Ingestion points: Repository files and diffs are read using Git commands and the Read tool during the analysis phase (Phase 1.4).
  • Boundary markers: The instructions do not define clear delimiters or 'ignore instructions' markers when prompting sub-agents to process untrusted code content.
  • Capability inventory: The skill possesses powerful capabilities including arbitrary shell command execution, file system writes, and network access.
  • Sanitization: No explicit sanitization or validation of the ingested code content is performed before it is analyzed to determine migration intent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 02:09 PM
Security Audit — agent-trust-hub — migrate-nanoclaw