jqopenclaw-node-invoker
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill exposes broad remote-control capabilities — arbitrary command execution (process.exec/system.run), full filesystem access (file.read/file.write with recursive listing and rg search), clipboard/screenshot capture, process management, and remote self-update (download+exec) — which together enable data exfiltration, credential theft, remote code execution and supply‑chain style compromise and can be readily abused as a backdoor despite some documented safeguards.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The skill allows invoking node.selfUpdate with an arbitrary HTTP/HTTPS downloadUrl (references/command-spec.md and SKILL.md), causing the agent to direct the node to fetch and run remote binaries—clearly ingesting untrusted third-party content that can materially change actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's node.selfUpdate action requires a runtime downloadUrl (http/https), which the node will download over HTTP before running an update script/batch (executing remote code), so external URLs are used at runtime to fetch and execute code (parameter: downloadUrl).
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly enables and maps to actions that modify system state (file.write including delete/move, process.manage/kill, process.exec/system.run, node.selfUpdate, input control), which can change or damage the host even if it says not to escalate privileges, so it should be flagged.