Revenue Recovery
AdvisoryAudited by Static analysis on May 1, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs onboarding with a malformed or attacker-controlled client ID, it could write outside the intended client folder or run unintended local Python code.
The user-provided client ID is used directly in a filesystem path and shell-expanded into Python source without validation or escaping.
CLIENT_ID="${1:?client_id required}" ... ROOT="$HOME/.openclaw/workspace/data/xzenia/clients/$CLIENT_ID" ... cfg=os.path.expanduser('$ROOT/client_config.json')Validate client IDs with a strict allowlist such as letters, numbers, dash, and underscore; resolve paths under a fixed base directory; and pass values to Python through argv or environment variables rather than expanding them into source code.
Running setup may install different dependency versions over time, which can affect reproducibility and supply-chain assurance.
The setup script downloads third-party packages at run time using broad lower-bound version ranges and no lockfile or hashes.
pip install --quiet --upgrade pip || true ... pandas>=2.0 ... requests>=2.31 ... pip install --quiet -r /tmp/xzenia-requirements.txt || true
Pin dependency versions, use a lockfile or hashes, and review dependencies before running setup in a sensitive workspace.
Sensitive business or client data may remain on disk and influence later analyses.
The skill persists client financial events, contract terms, leakage findings, and recovery actions in a local SQLite database for reuse.
DB_PATH="$ROOT/causal_memory.db" ... CREATE TABLE IF NOT EXISTS financial_events ... contract_terms ... leakage_findings ... recovery_actions
Use only approved data, segregate client workspaces, restrict filesystem access, and define cleanup or retention procedures.
Local files outside this skill may influence agent behavior and priorities if they are stale, modified, or untrusted.
The skill makes local project documents and a vague founder-priority rule part of its runtime guidance, even though those documents are not included in the reviewed artifacts.
This skill operates under the following bound artifacts, in precedence order: ... projects/xzenia/docs/... ... Founder vector outranks local optimization.
Review the referenced governance files and ensure they cannot override explicit user instructions, approval requirements, or safety boundaries.