clawdcursor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires sending an Authorization: Bearer header for API calls and explicitly tells the agent to read the token from ~/.clawdcursor/token (and to "use fresh value"), which implies the agent must insert the secret verbatim into generated HTTP requests — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md/README show the agent will open arbitrary web pages (navigate_browser → cdp_connect → cdp_read_text) and automatically load community-contributed "app guides" JSON (clawdcursor guides install / lazy guide loading), both of which are untrusted third‑party content that the agent is expected to read and that directly drive clicks/typing/decisions — enabling indirect prompt injection.