semantic-slicing
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions in
references/workflow.mddirect the user to clone theopenclaw/clawpatchrepository from an unverified third-party GitHub organization. - [REMOTE_CODE_EXECUTION]: The workflow involves building and executing code from the cloned
openclaw/clawpatchrepository usingpnpm install,pnpm build, andnode, which allows for arbitrary code execution from external sources on the host system. - [EXTERNAL_DOWNLOADS]: The skill fetches components and configurations from Vercel Labs' official GitHub repository.
- [COMMAND_EXECUTION]: The skill's primary workflow relies on executing multiple shell commands including
gitcrawl,discrawl,clawpatch, anddeepsecfor mapping, scanning, and status checks. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external tool outputs.
- Ingestion points:
scripts/semantic-map.mjsreads JSON artifacts from theclawpatch/featuresanddeepsec/datadirectories. - Boundary markers: Absent; the script parses and merges external JSON data without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill executes shell commands via
clawpatch review,deepsec process, and various CLI tools. - Sanitization: The script uses
escapeHtmlwhen generating the HTML report, which mitigates XSS risks in the visual map, but does not sanitize data entering the LLM context.
Audit Metadata