God Mode Skill
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: god-mode-skill
Version: 1.0.0

The skill is classified as suspicious due to multiple SQL injection vulnerabilities in its database interactions and a significant prompt injection risk in its core LLM analysis feature. Specifically, `scripts/commands/projects.sh`, `scripts/commands/sync.sh`, `scripts/lib/analysis/agents.sh`, and `scripts/lib/db.sh` use direct SQL string concatenation with variables derived from user input or external API responses, which are not robustly escaped, allowing for potential SQL injection. Furthermore, the `prompts/agent-analysis.md` template feeds user-controlled content (like `agents.md` content and commit messages) to an LLM, and the LLM's output is then written back to the `agents.md` file by `scripts/lib/apply.sh`. This creates a prompt injection vector where a malicious `agents.md` or commit message could trick the LLM into generating harmful instructions that are then persisted in the `agents.md` file, potentially exploitable by other agents or systems. While these are significant vulnerabilities, there is no clear evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or credential theft beyond the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private repo instructions and development patterns could be shared with an external LLM provider during analysis.
The analysis flow may place complete AGENTS.md content and commit-derived context into OpenClaw or third-party LLM provider calls, but the artifacts do not clearly bound provider data handling or require a separate confirmation before using detected API keys.
god-mode automatically detects and uses the best available LLM: ... Anthropic ... OpenAI ... OpenRouter ... [prompt includes] Your complete AGENTS.md content
Before running agent analysis, confirm which LLM backend will be used, avoid setting API keys unless intended, and do not analyze sensitive private repositories unless provider sharing is acceptable.
Users may underestimate where their repository metadata, AGENTS.md content, or commit patterns can be sent.
This privacy wording can lead users to believe repo-derived data never leaves the machine, while other documented features call GitHub/Azure APIs and optional LLM providers for analysis.
- **All data stored locally** in `~/.god-mode/`
- **No tokens stored** - uses your existing `gh` auth
- **No telemetry** - nothing phones home
Revise the privacy section to distinguish local caching from intentional provider/API calls, and list exactly what data is sent to each external service.
The skill may read data from any repository accessible to the configured CLI/token, including private or work repositories.
The skill relies on existing account authentication or token environment variables to access repositories. This is purpose-aligned and says tokens are not stored, but it still uses delegated account authority.
Use CLIs users already authenticated: ... GitHub | `gh` ... Azure DevOps | `az` ... Fallback: `GITHUB_TOKEN`, `AZURE_DEVOPS_PAT`, `GITLAB_TOKEN` env vars.
Use least-privilege tokens/accounts where possible and only add repositories you want the skill to inspect.
Accepted changes could persistently alter how coding agents behave in the repository.
AGENTS.md is persistent agent instruction context. Updating it is central to the skill’s purpose, but incorrect or untrusted LLM suggestions could influence future agent behavior.
Fetches your AGENTS.md from the repository ... Displays recommendations interactively ... Optionally applies changes to your AGENTS.md
Manually review all AGENTS.md edits before applying or committing them.
A changed remote installer could run different code than the user expected.
The optional direct install path executes a remote script from the mutable main branch. It is user-directed, but it is less verifiable than a pinned release or reviewed local script.
curl -fsSL https://raw.githubusercontent.com/InfantLab/god-mode-skill/main/install.sh | bash
Prefer ClawHub installation or a pinned release/tag, and inspect install.sh before running it.
