skills/aradotso/trending-skills/picoclaw-ai-assistant/Snyk

picoclaw-ai-assistant

Warn

Audited by Snyk on Mar 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly includes configurable web search tools (e.g., "tools.web.tavily" and "tools.web.brave" in ~/.picoclaw/config.json and the "Full-Stack Dev Assistant with Web Search" pattern) which let the agent fetch and consume open/public web search results, so untrusted third-party content can be read and influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill README explicitly instructs users to download and execute precompiled binaries from the GitHub releases URL (e.g., https://github.com/sipeed/picoclaw/releases/download/v0.1.1/picoclaw-linux-arm64) and to clone the repository (https://github.com/sipeed/picoclaw.git), which fetches remote code that is then executed locally.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 17, 2026, 07:31 AM

Issues

2