openclaw-extend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly integrates public messaging channels (references/channel-setup.md lists WhatsApp, Telegram, Discord, Matrix where arbitrary users can send messages) and also allows installing plugins/hooks from npm or arbitrary archive URLs (references/plugin-hook-authoring.md), so it ingests untrusted user-generated third‑party content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs installing/uninstalling node hosts "as system service" and restarting daemons (and other system-level operations), which imply modifying system service files and requiring elevated privileges that can change the machine state.