hiclaw-find-worker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries and ingests Nacos AgentSpecs from a (default) public registry (nacos://market.hiclaw.io) via scripts/hiclaw-find-worker.sh and references/import-worker-template.md, reads template names/summaries/package_uris and then uses those results to decide which package to install, so untrusted third‑party content can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts invoke npx -y @nacos-group/cli (which fetches and executes remote code from the npm registry at runtime) and contact the Nacos registry URL nacos://market.hiclaw.io:80/public to retrieve AgentSpecs (package URIs) that the skill relies on for template search/install, so external content is fetched and executed/used at runtime.