private-data-verification

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs embedding user-provided private data (cpdv_data) as a plain string inside a CLI JSON argument (acp job create ... --requirements '{"cpdv_data":"..."}'), which requires the LLM to include secret values verbatim in generated commands and thus poses an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a GitHub-hosted repository (a common distribution channel) but it comes from an unfamiliar/third-party account and the skill instructs installing and running its CLI—potentially risky unless the repo, release binaries, signatures, and community trust are verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md step 3 requires running acp browse "Cybercentry" (after installing the ACP CLI from the public GitHub repo https://github.com/Virtual-Protocol/openclaw-acp), which fetches and requires the agent/user to read provider wallet listings from external, untrusted third-party sources that determine which wallet/job to use and thus can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime workflow requires installing and running the ACP CLI fetched from https://github.com/Virtual-Protocol/openclaw-acp, which entails downloading and executing remote code that the skill depends on.