Channels Guide
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The instructions identify the specific filesystem directory (~/.openclaw/openclaw-weixin/accounts/) used for storing sensitive WeChat authentication credentials. Disclosing these credential locations to an AI agent presents a data exposure risk if the environment allows for unauthorized file access.
- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection through external IM channels. 1. Ingestion points: Untrusted user data enters the system context via Telegram, Discord, WeChat, and other integrated messaging platforms (SKILL.md). 2. Boundary markers: The skill does not provide the agent with instructions or delimiters to isolate content received from these channels or to ignore embedded instructions. 3. Capability inventory: The agent is authorized to use the
config.patchtool, which can modify global system configurations, and authentication-related tools likeweixin_login. 4. Sanitization: No sanitization or validation processes are described for content received from external IM channels before it is used to influence the agent's logic or configuration changes.
Audit Metadata