unclawg-feed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public social media content (Phase 2 — "Gather Posts": accepts user-pasted URLs and fetches content from platforms like x, reddit, linkedin, hacker_news, youtube, instagram, tiktok, other) and then reads/uses that untrusted post content to generate replies and drive actions in Phase 3/4, which could allow instructions embedded in third‑party posts to influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the agent "soul" at runtime from the policy endpoint "${OPENCLAW_API_URL}/v0/integrations/claw-runtime/policies/soul_md?agent_id=${OPENCLAW_AGENT_ID}" (e.g., base URL like https://api.unclawg.com), and that fetched document directly controls the agent's voice/persona and thus the prompts/instructions the skill uses, making it a required runtime dependency.