unclawg-internet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to output sensitive tokens and machine secrets verbatim (env block, URL handoff with access/refresh tokens, and writing .env files containing OPENCLAW_MACHINE_SECRET), requiring the LLM to handle and print secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs launching Task subagents to fetch and analyze user-provided websites and public platform content (see "Soul Interview" Round 2: "If the user mentions a website, product name, or URL: launch a Task subagent to research it") and the mode templates (references/artifact-templates.md and generated modes/${AGENT_ID}.local.md) define Reddit/Twitter/LinkedIn/HN query packs that the discovery (/unclawg-discover, /unclawg-feed) flow will read and act on, meaning untrusted, user-generated third‑party content is ingested and can materially influence subsequent persona generation, queries, and approval/response actions.