Farmos Marketing

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: farmos-marketing
Version: 1.0.0

The skill is classified as suspicious due to its instructions for the AI agent to execute local shell commands (`~/clawd/scripts/farmos-auth.sh`) and read local files (`~/.clawdbot/farmos-users.json`) within the OpenClaw environment, as detailed in SKILL.md. While these actions are presented as necessary for authentication and authorization to an internal FarmOS API (http://100.102.77.110:8013), the direct execution of shell scripts and file system access represent high-risk capabilities. These capabilities, if not properly sandboxed or if the agent is vulnerable to prompt injection, could lead to arbitrary code execution or unauthorized file access, even though the instructions themselves do not demonstrate explicit malicious intent such as data exfiltration to external C2 servers or persistence mechanisms.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the role file or token handling is wrong, the agent could disclose protected farm marketing, contract, settlement, or revenue data to someone who should not receive it.

Why it was flagged

The skill content shows that the skill uses manager/admin JWTs and a local role-mapping file to gate access to protected marketing data, even though the registry declares no primary credential or required config path.

Skill content

TOKEN=$(~/clawd/scripts/farmos-auth.sh admin) ... TOKEN=$(~/clawd/scripts/farmos-auth.sh manager) ... Check the sender's role in `~/.clawdbot/farmos-users.json`.

Recommendation

Declare the credential and role-file requirements, prefer the least-privileged manager role by default, and make the role check mandatory before using both authenticated and unauthenticated endpoints.

What this means

A missing, modified, or unsafe helper script could run unexpected local code or mishandle FarmOS credentials.

Why it was flagged

Runtime authentication depends on a local helper script outside the provided skill package; no code or install spec was supplied to verify what that helper does with privileged tokens.

Skill content

TOKEN=$(~/clawd/scripts/farmos-auth.sh admin)

Recommendation

Bundle or document the helper with provenance, pin/audit its contents, declare it as a required dependency, and avoid running it automatically without user awareness.

What this means

Bearer tokens and financial farm data could be exposed if the network path is not otherwise protected.

Why it was flagged

The documented request sends a bearer token to an HTTP endpoint; the artifacts do not explain TLS, private-network protections, or other safeguards for this sensitive provider/API flow.

Skill content

curl -H "Authorization: Bearer $TOKEN" http://100.102.77.110:8013/api/endpoint

Recommendation

Use HTTPS where possible, or clearly document that this endpoint is only reachable over a secured private network; avoid sending JWTs over untrusted HTTP connections.

What this means

The agent may produce or export full contract/position data, which could be sensitive if shared broadly.

Why it was flagged

The skill discloses broad read/export capability for marketing positions; this is purpose-aligned, but it can retrieve complete sensitive business records.

Skill content

GET /api/positions/export?crop_year=2025 ... Returns: CSV export of all positions.

Recommendation

Limit outputs to the requested crop year/entity, confirm before producing full exports, and avoid sharing results with unauthorized users.