deepclaw-voice

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for API keys, account SIDs, and auth tokens and to place them into config files/commands, which requires the LLM to receive and potentially output secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to arbitrary, untrusted user-generated content via the Twilio webhook endpoint (https:///twilio/incoming) which forwards caller audio/transcriptions through Deepgram/OpenClaw for the agent to read and act on, enabling indirect prompt injection.