Automate
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: automate Version: 1.0.0 The skill is classified as suspicious due to multiple shell injection vulnerabilities in `templates.md` where user-provided arguments are directly interpolated into shell commands (e.g., `jq`, `sed`, `curl`, `mv`, `git`). Most critically, the `Authenticated Request` template in `templates.md` explicitly accesses the macOS keychain (`security find-generic-password`) to retrieve an API token and uses it in a `curl` command to `https://api.example.com`. This combination of secret access, network capabilities, and severe shell injection vulnerabilities creates a high risk of unauthorized command execution and potential secret exfiltration if the agent is prompted with malicious input.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated script could change files or run local commands if executed.
The skill can lead the agent to generate and execute scripts. That is central to the stated automation purpose, but generated code should still be reviewed before it runs.
- 3rd time: Stop. Write the script first, then run it.
Require review and explicit approval before running generated scripts, especially scripts that modify files, call APIs, or affect repositories.
If copied directly, a script could commit and push accidental changes or sensitive files.
The Git workflow template stages all changes and pushes them. This is transparent and purpose-aligned for automation, but it is broad and could publish unintended files if used without review.
git add -A && git commit -m "$1" && git push
Review diffs before commit, avoid blanket `git add -A` for sensitive repos, and require confirmation before pushing.
If adapted carelessly, a script could use the wrong credential or send a token to an unintended endpoint.
The authenticated API template reads a local keychain token and sends it as a bearer token. This is expected for API automation, but credential use should be scoped and destination-checked.
TOKEN=$(security find-generic-password -a clawdbot -s api_token -w) curl -s -X "$1" -H "Authorization: Bearer $TOKEN" "https://api.example.com$2"
Use least-privilege service-specific tokens, verify the API host before running, and avoid printing or logging tokens.