find-skills

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The domain itself is not a well-known vendor site and primarily indexes/links third‑party "skills" that are installed via npx/git operations (which will fetch and execute unvetted code and repositories), so while it isn't an explicit direct-download of a signed installer it represents a medium–high risk if used blindly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs browsing the public open agent skills ecosystem (https://skills.sh/) and using npx skills add <owner/repo@skill-name> to fetch and read third-party repositories and their SKILL.md files, meaning the agent will ingest untrusted, user-generated web/repo content that can influence installation and runtime actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly instructs runtime fetching/cloning of external skill repositories via "npx skills add owner/repo@skill-name" (and points to https://skills.sh/), which will download remote code that can directly define agent prompts or execute code, so it is a runtime external dependency that controls agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs copying skill files into privileged /root/.openclaw directories (global agent locations), which modifies system state and would require elevated privileges even though it doesn't explicitly say to use sudo.