openclaw-crabbox

Warn

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone source code from an external repository (https://github.com/openclaw/crabbox.git) that is not identified as a trusted vendor.
  • [REMOTE_CODE_EXECUTION]: The skill directs the agent to compile the downloaded source code using go build and execute the resulting binary, creating a remote code execution vector.
  • [COMMAND_EXECUTION]: The instructions include the use of sudo to perform system modifications, such as creating symbolic links in /usr/local/bin during the handoff repair process.
  • [CREDENTIALS_UNSAFE]: The skill provides explicit guidance and command-line flags (--allow-env) for forwarding sensitive environment variables, specifically mentioning OPENAI_API_KEY, to remote execution environments.
  • [EXTERNAL_DOWNLOADS]: The skill references a custom Homebrew tap (openclaw/tap/crabbox) for package installation, which bypasses official package registries.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, such as remote command outputs and JUnit XML results (--results-auto), which establishes a surface for indirect prompt injection. No evidence of input sanitization or boundary markers was found for these ingestion points.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 06:27 PM
Security Audit — agent-trust-hub — openclaw-crabbox