Communication DNA

Type: OpenClaw Skill Name: communication-dna Version: 1.0.1 The skill is classified as suspicious due to critical vulnerabilities related to arbitrary file ingestion and cross-skill code execution. The `scripts/dna.py` CLI and `scripts/app.py` API allow ingesting any file path on the filesystem, enabling an attacker or a misdirected agent to read and store sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) into the skill's database. Furthermore, `scripts/integrations.py` directly imports and executes code from a sibling `knowledge-base` skill via `sys.path.insert`, creating a significant supply chain risk where a malicious or vulnerable `knowledge-base` skill could compromise `communication-dna`.