build-openclaw-skill
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and provides templates for skill development. No malicious patterns were detected across any threat categories.
- [PROMPT_INJECTION]: The skill includes defensive instructions to prevent prompt injection, such as advising against the use of angle brackets (<, >) in metadata fields and descriptions to avoid system prompt corruption.
- [DATA_EXFILTRATION]: No network operations or sensitive data access patterns were identified. Mentions of API keys or environment variables are provided as illustrative examples for configuration and gating purposes within the OpenClaw framework.
- [COMMAND_EXECUTION]: The skill provides benign bash script snippets intended for local file system validation (e.g., checking for orphaned reference files) and the copying of skill artifacts during development. These are standard development operations for the intended user base.
- [REMOTE_CODE_EXECUTION]: References to package managers (npm, brew, go) and download URLs are contained within documentation examples for defining installation requirements and do not constitute unauthorized remote code execution patterns.
Audit Metadata