openclaw-help
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from the external domain docs.openclaw.ai and performs broad web searches to supplement its local knowledge base.
- [REMOTE_CODE_EXECUTION]: The bundled reference material (reference.md) includes installation commands that use piped shell execution (curl | bash) from the openclaw.ai domain. While provided for user guidance, these patterns are inherently risky.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external documentation and search results.
  - Ingestion points: Data is fetched from docs.openclaw.ai and various sites via WebSearch (SKILL.md).
  - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the fetched content.
  - Capability inventory: The skill utilizes grep for file access and WebFetch for network operations (SKILL.md).
  - Sanitization: There is no evidence of content filtering or sanitization for the retrieved external data.
Audit Metadata