openclaw-behavior-validator

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill mandates the use of isolated temporary directories for validation tasks. It specifies setting directory permissions to 700 (owner only), which follows the principle of least privilege and prevents other users on the system from accessing potentially sensitive validation artifacts.
  • [SAFE]: There are explicit instructions to prevent the exposure of sensitive data. The agent is instructed to supply credentials only via approved secret tooling or environment variables and to redact all tokens, cookies, and private user data from captured evidence and reports.
  • [SAFE]: The "source-blind" methodology acts as a functional security boundary, ensuring the agent does not process internal source files or implementation notes, which reduces the attack surface for certain types of indirect prompt injections.
  • [SAFE]: The skill does not contain any remote code execution, obfuscated content, or unauthorized data exfiltration patterns. External links are limited to the skill's own documentation and source repository metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — openclaw-behavior-validator