openclaw-docs-audit

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The docs page looks like normal documentation, but the second URL points directly to an install.sh script (the pattern commonly used with curl | bash). Distributing executables this way is high-risk unless the script is reviewed and the domain and release integrity are verified, so treat this as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill's audit workflow and scripts explicitly fetch and ingest upstream GitHub release notes (via "gh release view" in SKILL.md and scripts/audit.sh) and the public config reference (docs.openclaw.ai via WebFetch), and instruct the agent to feed on and act on that third-party content to drive diffs and remediation recommendations. Untrusted external text can therefore materially influence the agent's decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The audit script and SKILL explicitly fetch upstream release bodies via GitHub (gh release view --repo openclaw/openclaw ...) and instruct the agent to use WebFetch on https://docs.openclaw.ai/gateway/configuration-reference and feed the fetched documents into the conversation. Remote content is thus retrieved at runtime and can directly control agent prompts.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 10, 2026, 08:11 PM
Issues: 3