openclaw-docs-audit
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The docs page appears benign, but the presence of a direct install.sh on an unverified domain, together with the prompt instructing `curl https://openclaw.ai/install.sh | bash`, is a high-risk delivery pattern: piping a remote shell script from an untrusted or unknown host into a shell can readily distribute malware if the domain or the script is compromised.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill's audit workflow and scripts explicitly fetch and ingest upstream GitHub release notes (via `gh release view` in SKILL.md and scripts/audit.sh) and the public config reference (docs.openclaw.ai via WebFetch), and they instruct the agent to feed that third-party content into its reasoning and act on it to drive diffs and remediation recommendations. Untrusted external text can therefore materially influence the agent's decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The audit script and SKILL.md explicitly fetch upstream release bodies from GitHub (`gh release view --repo openclaw/openclaw ...`) and instruct the agent to use WebFetch on https://docs.openclaw.ai/gateway/configuration-reference and feed the fetched documents into the conversation. Remote content is thus retrieved at runtime and can directly control the agent's prompts.