Farmos Observations
Verdict: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: farmos-observations
Version: 1.0.0

The skill is classified as suspicious because of several high-risk capabilities and potential weaknesses, most of them set out in `SKILL.md`. It instructs the AI agent to run a local shell script (`~/clawd/scripts/farmos-auth.sh`) to obtain credentials; local command execution is a powerful primitive that becomes dangerous if the script or the arguments passed to it are ever under an attacker's control. The agent is also told to talk to an internal address (`http://100.102.77.110:8008`), which gives it reach into an internal network. Finally, the skill parses free-form user input to build API calls, including multipart file uploads, so untrusted text flows directly into request construction and offers a sizeable prompt-injection surface. The instructions do carry guardrails (for example, 'Always offer before creating'), but a well-crafted injection could try to talk the agent past them, resulting in unauthorized record creation or modification, or misuse of the skill's escalation and cross-module mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: The agent may act with FarmOS manager authority to read protected observations and create records; if the token or endpoint is mishandled, actions may be attributed to a privileged account.
Detail: The skill tells the agent to obtain and use a manager-role JWT for protected FarmOS APIs. This is high-impact account authority, yet the registry metadata says there is no primary credential, and nothing in the artifacts shows least-privilege scoping.
Evidence: This skill accesses protected FarmOS endpoints that require a JWT token. ... TOKEN=$(~/clawd/scripts/farmos-auth.sh manager) ... curl -H "Authorization: Bearer $TOKEN" http://100.102.77.110:8008/api/endpoint
Recommendation: Declare the credential requirement, use a least-privileged observation-only token where possible, document exactly what the token can access, and prefer HTTPS or a clearly trusted internal transport. Note that the documented base URL is plain http://, so the bearer token crosses the network in cleartext and anyone positioned on that path can capture and replay it for as long as it remains valid.
Risk: A user cannot verify from this skill package how the JWT is obtained or whether the helper script uses broader credentials.
Detail: The skill relies on a local helper script outside the provided file manifest. That helper may be legitimate, but its source, permissions, and behavior are not visible in this instruction-only package.
Evidence: TOKEN=$(~/clawd/scripts/farmos-auth.sh manager)
Recommendation: Document the helper script's source and expected behavior, include it in the reviewed package if appropriate, or require a clearly configured external credential provider.
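The two findings above both come down to a token the user cannot inspect being used over a transport the user cannot vouch for. The following is an added example for this review, not code from the farmos-observations skill or from FarmOS: a pre-flight check a reviewer, or a wrapper around the helper script, can run on whatever `farmos-auth.sh manager` returns and on the API base URL before any request goes out. The claim names `role` and `scope`, the scope string `observations:write`, and the sample tokens are assumptions and constructed data; the skill does not show the JWT layout. Only the payload is decoded. Signature verification is the server's job and is deliberately not attempted here, so this is a scoping check, not an authentication check.

```python
"""Pre-flight checks on the helper script's JWT and on the API base URL.

Added example for this review, not code from the farmos-observations skill
or from FarmOS. Claim names "role"/"scope" and the scope string are assumed.
"""
import base64
import json
import time
from typing import Dict, List, Optional
from urllib.parse import urlparse

REQUIRED_SCOPE = "observations:write"            # assumed scope name
ALLOWED_HOSTS = frozenset({"100.102.77.110"})    # the API base host from SKILL.md


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWS segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_token(claims: Dict) -> str:
    """Build a constructed test token (header.payload.placeholder-signature).
    Exists only so the example runs offline; real tokens come from the helper."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"  # placeholder signature, never checked


def jwt_claims(token: str) -> Dict:
    """Return the payload claims of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(_b64url_decode(parts[1]))


def check_token(token: str, now: Optional[float] = None) -> List[str]:
    """List the reasons this token should not be used for observation-only work."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        problems.append("no exp claim: token lifetime is unbounded")
    elif exp <= now:
        problems.append("token is expired")
    if claims.get("role") == "manager":
        problems.append("manager-role token: broader than observation-only access")
    scopes = set(str(claims.get("scope", "")).split())
    if REQUIRED_SCOPE not in scopes:
        problems.append(f"token does not carry {REQUIRED_SCOPE}")
    return problems


def check_endpoint(api_base: str) -> List[str]:
    """Flag a base URL whose host is not the documented one or whose transport
    would carry the bearer token in cleartext."""
    url = urlparse(api_base)
    problems = []
    if url.scheme != "https":
        problems.append(f"scheme is {url.scheme!r}: bearer token would be sent in cleartext")
    if url.hostname not in ALLOWED_HOSTS:
        problems.append(f"host {url.hostname!r} is not the documented FarmOS host")
    return problems


if __name__ == "__main__":
    now = 1_800_000_000
    # Constructed tokens: what the helper might return for `manager` vs a scoped one.
    manager = make_unsigned_token({"sub": "agent", "role": "manager", "exp": now + 3600})
    scoped = make_unsigned_token({"sub": "agent", "role": "observer",
                                  "scope": "observations:read observations:write",
                                  "exp": now + 3600})
    for name, tok in (("manager", manager), ("scoped", scoped)):
        print(name, check_token(tok, now=now) or "ok")
    print(check_endpoint("http://100.102.77.110:8008"))
```

Run as-is, the manager token is reported twice (privileged role, missing scope) and the documented base URL is flagged for cleartext transport, which is exactly the pair of facts a user of this skill currently has no way to see.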
Risk: If approved, the agent can add observation records and upload photos to FarmOS.
Detail: The skill can perform state-changing API calls and upload selected image files. This is purpose-aligned and the instructions require asking first, but it is still meaningful mutation authority.
Evidence: POST /api/observations ... Content-Type: multipart/form-data ... `photo` (optional) — Image file attachment ... Proactive observation creation ... Don't create silently — ask first.
Recommendation: Show the proposed observation details, field ID, severity, and attachments before submitting; require explicit user confirmation for each create action.
Risk: Farm operational details and field images may be stored or processed by the configured backend.
Detail: The skill sends field descriptions, IDs, and optional photos to a hard-coded FarmOS backend. That data flow is disclosed and purpose-aligned, but the artifact does not identify the service owner or the transport protections.
Evidence: API Base http://100.102.77.110:8008 ... Form fields: ... `description` ... `field_id` ... `photo` (optional) — Image file attachment
Recommendation: Verify that the API endpoint is the intended FarmOS service, avoid uploading unintended private files, and document retention and access controls for uploaded observations. The address 100.102.77.110 falls in the 100.64.0.0/10 shared address space (RFC 6598), which is typically an overlay-VPN or carrier-grade NAT range rather than a conventional LAN, so "internal" should be confirmed against the actual network design rather than inferred from the address alone.
Risk: A single logged observation may create additional workflow records beyond the observation itself.
Detail: The skill discloses that creating an observation can have downstream effects in other FarmOS-related systems.
Evidence: Observations may create tasks (via Task Manager) or maintenance records (via Equipment).
Recommendation: Clarify whether downstream tasks or maintenance records are automatic, and ask for separate confirmation before creating those records if they are not purely informational.
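The recommendations for the last three findings describe one gate: show exactly what will be posted, keep the photo upload from reaching into arbitrary files, and confirm downstream records separately. The following is an added example for this review, not code from the farmos-observations skill or from FarmOS, that puts those three checks in front of `POST /api/observations`. The upload root `/srv/farm-photos`, the `severity` form field, the `downstream` list, and the sample observation are assumptions and constructed data; `SKILL.md` names only `description`, `field_id` and `photo`. The `send` callable stands in for the curl call so the example never touches the network.

```python
"""Confirmation gate in front of POST /api/observations.

Added example for this review, not code from the farmos-observations skill
or from FarmOS. /srv/farm-photos, the severity field and the downstream
flags are assumed.
"""
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Dict, List, Optional, Tuple

ALLOWED_PHOTO_DIR = Path("/srv/farm-photos")                # assumed upload root
IMAGE_SUFFIXES = frozenset({".jpg", ".jpeg", ".png", ".webp"})

Confirm = Callable[[str], bool]                   # asks the user, returns yes/no
Send = Callable[[Dict[str, str], Dict[str, str]], None]   # (form fields, files)


@dataclass
class Observation:
    description: str
    field_id: str
    severity: str                                 # assumed form field name
    photo: Optional[Path] = None
    downstream: List[str] = field(default_factory=list)  # e.g. ["task", "maintenance"]


def validate_photo(photo: Path, allowed_dir: Path = ALLOWED_PHOTO_DIR) -> List[str]:
    """Reject anything that is not an image file inside the allowed directory.
    resolve() collapses '..' and symlinks, so a traversal path cannot escape."""
    resolved = photo.resolve()
    problems = []
    if allowed_dir.resolve() not in resolved.parents:
        problems.append(f"{photo} is outside {allowed_dir}")
    if resolved.suffix.lower() not in IMAGE_SUFFIXES:
        problems.append(f"{photo.name} does not look like an image attachment")
    return problems


def preview(obs: Observation) -> str:
    """Render exactly what would be sent, so the user confirms facts, not intent."""
    lines = [
        "POST /api/observations (multipart/form-data)",
        f"  description: {obs.description}",
        f"  field_id:    {obs.field_id}",
        f"  severity:    {obs.severity}",
        f"  photo:       {obs.photo if obs.photo else '(none)'}",
    ]
    if obs.downstream:
        lines.append(f"  also creates: {', '.join(obs.downstream)}")
    return "\n".join(lines)


def submit(obs: Observation, confirm: Confirm, send: Send) -> Tuple[str, List[str]]:
    """Return ('created', []) only after validation and explicit confirmation;
    otherwise ('rejected' | 'aborted', reasons) and nothing is sent."""
    if obs.photo is not None:
        problems = validate_photo(obs.photo)
        if problems:
            return "rejected", problems
    if not confirm(preview(obs) + "\nCreate this observation?"):
        return "aborted", ["user declined the observation"]
    if obs.downstream and not confirm(
            f"This will also create: {', '.join(obs.downstream)}. Proceed?"):
        return "aborted", ["user declined the downstream records"]
    fields = {"description": obs.description, "field_id": obs.field_id,
              "severity": obs.severity}
    files = {"photo": str(obs.photo)} if obs.photo else {}
    send(fields, files)
    return "created", []


if __name__ == "__main__":
    # Constructed input; `send` is a stub that only prints, so nothing leaves the host.
    obs = Observation("Aphids on north edge", "field-12", "medium",
                      Path("/srv/farm-photos/north-edge.jpg"), ["task"])
    result = submit(obs, confirm=lambda prompt: print(prompt) or True,
                    send=lambda f, files: print("would send", f, files))
    print(result)
```

Two design points worth keeping if this is adapted: the photo check runs before the user is asked anything, so a traversal path such as `/srv/farm-photos/../../etc/passwd` is rejected without ever being shown as a legitimate attachment, and the downstream question is a second, separate prompt rather than a line buried in the first preview, because an agent that batches "also creates a task" into the same yes/no is effectively creating silently.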
