web-application-verification

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). example.com is a harmless placeholder and "https://" is a malformed URL, but github.com/Virtual-Protocol/openclaw-acp is a GitHub repo from an unknown account that could distribute executables or malicious install scripts so it should be treated with caution (check stars/forks/commits/releases/signatures before installing); overall moderate risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow (step 4: acp job create ... --requirements '{"target_url": "https://..."}' and the "URL must be publicly accessible" gotcha) requires scanning arbitrary public target_url(s), so the agent will fetch and ingest untrusted third‑party web content as part of its operation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running the ACP CLI from https://github.com/Virtual-Protocol/openclaw-acp at runtime (commands like acp setup and acp job create), which executes external code and controls the scanning workflow, making it a required runtime dependency that can directly influence agent behavior.