Oathe Security Badge

Is rdsthomas/mission-control safe?

https://clawhub.ai/rdsthomas/mission-control

Score: 70 (CAUTION)

Mission Control is a task management system that by design passes human-authored task descriptions directly to AI agents for execution, creating an inherent prompt injection vector. While the authors acknowledge this risk and provide some mitigations, the fundamental architecture enables arbitrary instructions to be executed by agents.

Category Scores

Prompt Injection 20/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

CRITICAL System designed for prompt injection -80

The core purpose of Mission Control is to pass human-authored task descriptions directly to AI agents for execution. Task descriptions can contain arbitrary instructions that will be read and executed by the agent. While acknowledged by the authors as 'by design, not a vulnerability,' this creates a fundamental prompt injection vector.

HIGH High risk in multi-user scenarios -25

The system explicitly acknowledges that in multi-user setups, where multiple users can create tasks, task content should be treated as untrusted input. This creates significant risk if the system is deployed in collaborative environments or if access controls fail.

MEDIUM Dynamic code execution with limited input validation -15

The mc-update.sh script executes Python code dynamically using environment variables. While it includes a sanitize_input() function, this only blocks backticks and $ characters, which may not prevent all injection vectors.

LOW External network connections during installation -5

The skill makes network connections to external services (clawhub.ai, openrouter.com) during installation, which is expected behavior but represents potential data transmission channels.

LOW Expected installation behavior -5

Installation behavior includes network connections and file system changes that appear consistent with expected skill installation patterns.