auth-manager

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt stores plaintext credentials in auth-platforms.json and instructs the agent to automatically fill/reuse them for logins, which implies the agent will need to read and emit secret values (e.g., to fill forms or pass to tools), creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly uses fast-browser-use to snapshot and read the DOM of arbitrary public check_url/login_url entries from ~/.openclaw/auth-platforms.json (e.g., linux.do, GitHub, Douyin, Xiaohongshu, X) and then interprets those page contents (via grep/indicator matching) to decide status and actions, exposing the agent to untrusted third‑party content.