semantic-slicing

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions in references/workflow.md direct the user to clone the openclaw/clawpatch repository from an unverified third-party GitHub organization.
  • [REMOTE_CODE_EXECUTION]: The workflow involves building and executing code from the cloned openclaw/clawpatch repository using pnpm install, pnpm build, and node, which allows for arbitrary code execution from external sources on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill fetches components and configurations from Vercel Labs' official GitHub repository.
  • [COMMAND_EXECUTION]: The skill's primary workflow relies on executing multiple shell commands including gitcrawl, discrawl, clawpatch, and deepsec for mapping, scanning, and status checks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external tool outputs.
  • Ingestion points: scripts/semantic-map.mjs reads JSON artifacts from the clawpatch/features and deepsec/data directories.
  • Boundary markers: Absent; the script parses and merges external JSON data without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill executes shell commands via clawpatch review, deepsec process, and various CLI tools.
  • Sanitization: The script uses escapeHtml when generating the HTML report, which mitigates XSS risks in the visual map, but does not sanitize data entering the LLM context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 02:26 AM
Security Audit — agent-trust-hub — semantic-slicing