migrate-nanoclaw
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell operations to manage migrations. This includes Git commands (checkout, fetch, worktree, reset, stash), package management (pnpm install/build/test), and service management (launchctl, systemctl).
- [EXTERNAL_DOWNLOADS]: The skill implements a self-refresh mechanism in Phase 0 that fetches its own updated instructions from the upstream repository at
https://github.com/nanocoai/nanoclaw.gitusinggit checkout. - [CREDENTIALS_UNSAFE]: The
diagnostics.mdfile contains a hardcoded PostHog Project API Key (phc_fx1Hhx9ucz8GuaJC8LVZWO8u03yXZZJJ6ObS4yplnaP). While such keys are often intended for client-side use, it is a hardcoded identifier. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it analyzes untrusted repository code to generate migration instructions.
- Ingestion points: Repository files and diffs are read using Git commands and the Read tool during the analysis phase (Phase 1.4).
- Boundary markers: The instructions do not define clear delimiters or 'ignore instructions' markers when prompting sub-agents to process untrusted code content.
- Capability inventory: The skill possesses powerful capabilities including arbitrary shell command execution, file system writes, and network access.
- Sanitization: No explicit sanitization or validation of the ingested code content is performed before it is analyzed to determine migration intent.
Audit Metadata