sre-runbooks
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://api.openclaw.com/sre-runbooks/v1/runbooks/{id} and POST https://api.openclaw.com/sre-runbooks/v1/runbooks/{id}/execute to fetch runbook steps that are then executed (e.g., sre_runbooks.execute / POST .../execute), so remote content can directly control agent instructions and trigger actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.50). This skill explicitly supports executing automated runbook steps and performing system maintenance (e.g., "automates updates" and "running scripts"), which can modify the host system state and require elevated privileges, but it does not explicitly instruct the agent to obtain sudo, alter system files, or create user accounts—so it is a moderate risk rather than a definite compromise.
Audit Metadata