aliyun-observability
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The script intentionally installs and executes a remote installer and configures a log collector to read local OpenClaw session files (/home//.openclaw/agents/main/sessions/.jsonl) and ship them to a remote SLS endpoint. This constitutes explicit data exfiltration and a supply-chain execution risk, although there are no hidden obfuscation layers, reverse shells, or credential harvesting beyond use of the provided AK/SK.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and executes a public installer script via wget ("https://aliyun-observability-release-${REGION_ID}.oss-${REGION_ID}.aliyuncs.com/.../loongcollector.sh") in SKILL.md, which fetches and runs external, untrusted third-party content that can directly change runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill fetches and executes a remote installer at runtime via wget from https://aliyun-observability-release-${REGION_ID}.oss-${REGION_ID}.aliyuncs.com/loongcollector/linux64/latest/loongcollector.sh and runs it (./loongcollector.sh install), which executes remote code and is required for the skill to proceed.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly requires sudo, installs system packages and a collector, writes and creates files under /etc (e.g., /etc/ilogtail/*), and starts services—actions that modify system state and require elevated privileges.
Issues (4)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.