auth-manager

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs storing plaintext credentials in auth-platforms.json and tells the agent to use those credentials to auto-fill/login, which requires the agent to read and potentially include secret values verbatim in commands or interactions, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly uses fast-browser-use to snapshot and read the DOM of arbitrary public check_url/login_url entries from ~/.openclaw/auth-platforms.json (e.g., linux.do, GitHub, Douyin, Xiaohongshu, X) and then interprets those page contents (via grep/indicator matching) to decide status and actions, exposing the agent to untrusted third‑party content.