Prompt injection instructions
Warn
- Finding
- Prompt-injection style instruction pattern detected.
Trugen AI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Install only if you intend to let OpenClaw help manage Trugen AI resources. Keep TRUGEN_API_KEY server-side, confirm destructive API actions, and be cautious with uploaded documents, call recording, persistent memory, webhooks, external tools, and MCP endpoints. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Static analysis
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
#
ASI01: Agent Goal Hijack
Info
What this means
If copied into a deployed avatar, these prompts shape that avatar's behavior; they do not appear to hijack the local agent.
Why it was flagged
The file contains prompt-like directives, but it explicitly scopes them as example content for a deployed Trugen avatar rather than instructions for the evaluating or installing agent.
Skill content
The prompt examples below are system prompts for the deployed Trugen voice agent ... They are NOT instructions for Claude.
Recommendation
Treat prompt examples as content to review and customize for your deployed Trugen agent, not as instructions for OpenClaw itself.
#
ASI03: Identity and Privilege Abuse
Low
What this means
Anyone or any agent using this key can perform Trugen API actions allowed by that key.
Why it was flagged
The skill requires a Trugen API key to act against the user's Trugen account. This is expected for the integration, but it is still delegated account authority.
Skill content
`TRUGEN_API_KEY` | Primary API key for all Trugen API calls (sent as `x-api-key` header)
Recommendation
Use a dedicated, least-privileged Trugen API key if available, keep it out of client-side code, and rotate it if exposed.
#
ASI02: Tool Misuse and Exploitation
Low
What this means
A mistaken ID or misunderstood request could update or delete Trugen resources.
Why it was flagged
The reference documentation includes mutating and destructive API operations such as creating, updating, and deleting agents. These operations are purpose-aligned but can change account state.
Skill content
`DELETE /v1/ext/agent/{id}`Recommendation
Before destructive or bulk changes, confirm the target resource IDs and intended action with the user.
#
ASI06: Memory and Context Poisoning
Medium
What this means
Documents, conversation context, transcripts, or memory could be reused by deployed Trugen agents if configured that way.
Why it was flagged
The platform can persist context across sessions, and related references also describe knowledge bases, recordings, and transcripts. This is expected for conversational agents but affects data retention and reuse.
Skill content
`config.memory.isEnabled` | Enable persistent memory across sessions
Recommendation
Only upload appropriate data, disable memory or recording when not needed, and review Trugen retention and privacy settings.
#
ASI07: Insecure Inter-Agent Communication
Medium
What this means
Conversation data or tool parameters may be sent to configured third-party endpoints, and those endpoints may act using provided tokens.
Why it was flagged
The skill documents delegated tool, MCP, and webhook integrations that can move conversation-derived data or actions across service boundaries. This is disclosed and central to the platform integration.
Skill content
Tools allow agents to call external APIs or trigger client-side actions during a conversation.
Recommendation
Use trusted endpoints, least-privileged tokens, webhook authentication or signing, and avoid sending sensitive data unless necessary.