openclaw-local-mac-mini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs cloning and following the upstream OpenClaw README (git clone https://github.com/openclaw/openclaw.git and "Follow upstream prerequisites from OpenClaw README"), which requires fetching and acting on content from a public GitHub repository that could contain untrusted, user-provided instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs cloning and running the OpenClaw repository (git clone https://github.com/openclaw/openclaw.git) so remote code from that URL is fetched and then run as part of setup/runtime, which could directly control agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs creating a system-level launchd plist under /Library/LaunchDaemons and running sudo launchctl (and advises running in a dedicated user account), which requires elevated privileges and modifies system files, so it pushes changes to the machine state.