aliyun-sls-openclaw-integration
Fail
Audited by Snyk on Apr 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill installs and runs a remotely-downloaded collector (loongcollector.sh), creates persistent /etc/ilogtail markers and a machine group, and configures that collector to read and ship local OpenClaw session files (/home//.openclaw/agents/main/sessions/.jsonl) to Alibaba SLS — constituting deliberate persistent data exfiltration and a supply-chain/remote-execution risk (installing and executing an external script without verification), which can act as a backdoor.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required One-Time Execution Flow in SKILL.md downloads and executes a public installer via wget from "https://aliyun-observability-release-${REGION_ID}.oss-${REGION_ID}.aliyuncs.com/loongcollector/.../loongcollector.sh", which fetches and runs third-party content from a public site that can materially change runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill runtime uses wget to download and then execute a remote installer script (./loongcollector.sh) from https://aliyun-observability-release-${REGION_ID}.oss-${REGION_ID}.aliyuncs.com/loongcollector/linux64/latest/loongcollector.sh, which clearly fetches and runs remote code and is required for the collector installation.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly requires sudo, installs system packages and a collector, downloads and runs an installer, and creates/modifies files under /etc (e.g., /etc/ilogtail/*), which are privileged system-state changes that can compromise the host.
Issues (4)
- E006 CRITICAL: Malicious code pattern detected in skill scripts.
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
- W013 MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata