unclawg-respond

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches human feedback and social-reply context from the OpenClaw API (e.g., GET /v0/approval-requests and GET /v0/approval-requests/{approval_id}/messages, which include user feedback, original_post/source_post_text and source_post_url) and directly reads and interprets that untrusted, user-generated content to decide actions (fulfill/deny/clarify) and to synthesize edited outputs, so third-party content can materially influence tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script performs runtime calls to the configured OpenClaw API (OPENCLAW_API_URL, e.g. https://api.unclawg.com) — notably GET /v0/integrations/claw-runtime/policies/soul_md — to fetch the agent's published "soul" text which directly controls prompt/personality instructions and is required for the skill to operate.