openclaw-agent-transcript

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script executes local binaries, specifically spawning codex for log-thread processing and using the system's open command to display HTML previews. This execution is limited to local tools and is consistent with the skill's management of agent workflows.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local directories containing agent session logs, such as ~/.claude/projects, ~/.codex/sessions, and ~/.openclaw/agents. This access is fundamental to the skill's utility and is mitigated by a redaction engine that removes common secrets, PII, and authentication headers. The skill explicitly avoids network calls.
  • [PROMPT_INJECTION]: By processing and rendering untrusted data from previous session logs, the skill creates an indirect prompt injection surface.
  • Ingestion points: Local JSONL session logs found in agent-specific home directory subfolders.
  • Boundary markers: Transcript content is delimited by <!-- agent-transcript:start --> and <!-- agent-transcript:end --> markers.
  • Capability inventory: Local file system read/write capabilities and the ability to spawn local processes (codex).
  • Sanitization: Implements automated regex redaction for secrets and PII, alongside HTML escaping for generated previews, to prevent malicious content from influencing the agent or user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — openclaw-agent-transcript