openclaw-create-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the OpenClaw environment, including `openclaw agents add`, `openclaw gateway restart`, and a bundled Python script `scripts/upsert_openclaw_agent.py` to update the local configuration file.
- [CREDENTIALS_UNSAFE]: The skill collects and processes sensitive information such as `app_secret`. These credentials are passed as command-line arguments to the `upsert_openclaw_agent.py` script, which can expose them to other users or monitoring tools on the same host through process list inspection.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection through the monitoring of external logs to extract group identifiers.
  - Ingestion points: Standard output from the `openclaw logs --follow` command, which reflects messages sent from external messaging platforms (Feishu).
  - Boundary markers: The skill does not implement specific boundary markers or 'ignore' instructions when reading the log stream, relying on the agent to manually identify patterns.
  - Capability inventory: The skill has capabilities to execute shell commands, read/write configuration files, and restart system services.
  - Sanitization: The Python script `upsert_openclaw_agent.py` includes regex validation for the `agent_id` parameter to ensure it matches expected alphanumeric patterns.
Audit Metadata