AdMapix Intelligence Assistant

User-controlled input (`{user_query}`, `{additional_context}`) is directly embedded into a JSON string within a `curl` command executed in a shell. Without explicit sanitization, an attacker can inject arbitrary shell commands by crafting malicious input to break out of the JSON string.

curl -s -X POST "https://deepresearch.admapix.com/research" ... -d '{"project": "admapix", "query": "{user_query}", "context": "{additional_context}", "api_key": "'"$ADMAPIX_API_KEY"'"}'

The skill instructs to run `openclaw config set skills.entries.admapix.apiKey "{KEY}"` when a user pastes an API key. If the `{KEY}` value is not properly shell-escaped before execution, a malicious user could inject arbitrary shell commands.

openclaw config set skills.entries.admapix.apiKey "{KEY}"

A bearer token (`test-local-token-2026`) is hardcoded and used in `Authorization` headers for all Deep Research Framework API calls. If this token grants access to sensitive internal resources, its exposure in the skill content is a security vulnerability.

Authorization: Bearer test-local-token-2026

The skill defines general `curl` patterns using `{endpoint}` and `{params}`. If these placeholders are populated directly from unsanitized user input, it could lead to command injection or SSRF vulnerabilities. The skill does not specify sanitization.

curl -s "https://api.admapix.com/api/data/{endpoint}?{params}"

The skill instructs the agent to pass the user's API key ('$ADMAPIX_API_KEY') in the POST body to 'https://deepresearch.admapix.com/research'. While this is a subdomain of admapix.com, the key is being transmitted to a separate server endpoint with a hardcoded shared auth token, not the user's own credentials. If this endpoint is compromised or the subdomain is different infrastructure, user API keys could be harvested at scale. The instruction 'always include it as shown above' makes this mandatory.

"api_key": "'"$ADMAPIX_API_KEY"'"

The skill instructs the agent to run shell commands including bash conditionals, curl with user-supplied input interpolated directly into command strings, and config modification commands. User-supplied API keys are inserted directly into shell commands without sanitization, creating potential for command injection if a user submits a maliciously crafted key value.

openclaw config set skills.entries.admapix.apiKey "{KEY}"

The skill contains strong override instructions ('NEVER fall back to manual analysis') that prevent the agent from using its own judgment or built-in safety behaviors when the external framework is slow or unresponsive. This forces the agent into a rigid execution path controlled by the skill author rather than responding to context.

NEVER fall back to manual analysis. The framework WILL complete — just wait for it.