healthcheck
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a wide range of system commands for auditing and remediation across Linux and macOS. These include network reconnaissance tools like
ssandlsof, firewall management utilities such asufw,firewall-cmd, andpfctl, and system identification commands likeunameandsw_vers. - [DATA_EXFILTRATION]: The skill gathers sensitive metadata about the host environment, including network exposure (listening ports, reverse proxies, tunnels), disk encryption status, and privilege levels. While the instructions emphasize local storage in memory files and redacting secrets, the systematic collection of host security posture constitutes high-value data exposure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing output from various external system tools and the
openclawCLI. - Ingestion points: Command output from
openclaw security audit,ss,lsof,ufw, andtmutil. - Boundary markers: The skill lacks explicit instructions for using delimiters or boundary markers when the agent processes command output.
- Capability inventory: The skill possesses extensive capabilities including shell command execution, persistence creation (cron), and file system writes.
- Sanitization: While the skill advises redacting secrets from logs, it does not specify sanitization or validation logic for data interpolated from command outputs into subsequent prompts.
- [REMOTE_CODE_EXECUTION]: The skill provides functionality to establish persistence via
openclaw cron add, allowing for the periodic execution of security audits and update status checks.
Audit Metadata