openclaw-genie
Fail
Audited by Snyk on Mar 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). The skill instructions point at an install script on an external domain (https://openclaw.ai/install.sh), the pattern normally run as curl | bash. That executes whatever the server returns at the moment of the request, with no checksum or signature to verify it and no review of the script's contents before it runs, so the agent (or a user following the instructions) hands arbitrary code execution to an unverified source. The second URL (http://127.0.0.1:18789/) is a loopback address for a local control UI, not an external download; a local service can still serve or trigger executables, but it is the external .sh that makes this set suspicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill exposes browsing and fetching of arbitrary public web content at runtime: the SKILL.md Tools Overview lists web_fetch and web_search, and references/tools.md documents the browser tool's navigate and evaluate actions together with its support for PDF and http URLs. Any page the agent loads through these tools is untrusted input that is processed alongside the skill's own instructions, so text planted on such a page can steer which tools the agent calls and what it decides next (indirect prompt injection).
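Both findings above are static checks over the skill's instruction text. The following is an added example, not Snyk's scanner and not code from the openclaw-genie project: it reimplements the two checks in Python and runs them over a constructed SKILL.md excerpt that contains the same two URLs and tool names the report cites. The rule codes other than E005 and W011, the severity weights, the list of content-ingesting tool names, and the sample text are assumptions.

```python
"""Added example (not the auditor's scanner): static checks over skill
instruction text that reproduce the two findings above on constructed input.
Rule weights, the tool-name list and the sample text are assumptions."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")
# "curl ... | bash" / "wget -qO- ... | sudo sh": the download runs unreviewed.
PIPE_TO_SHELL_RE = re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")
SCRIPT_EXTS = (".sh", ".bash", ".ps1", ".py")
# Tool names that ingest arbitrary public web content (assumed identifiers,
# modelled on the tools the report names).
CONTENT_TOOLS = ("web_fetch", "web_search", "browser_navigate", "browser_evaluate")


@dataclass
class Finding:
    code: str
    severity: str
    risk: float
    detail: str


def is_local_host(host: str) -> bool:
    """Loopback/private hosts are a local control UI, not an external download."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a DNS name, not an IP literal
        return False
    return ip.is_loopback or ip.is_private


def check_download_urls(text: str) -> list:
    """E005: install scripts on external hosts, and any download piped to a shell."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:")
        parts = urlparse(url)
        host = parts.hostname or ""
        if parts.path.lower().endswith(SCRIPT_EXTS) and not is_local_host(host):
            findings.append(Finding("E005", "CRITICAL", 1.0,
                                    f"script download from external host: {url}"))
        elif is_local_host(host):
            findings.append(Finding("I001", "INFO", 0.1,
                                    f"local control URL, not an external download: {url}"))
    if PIPE_TO_SHELL_RE.search(text):
        findings.append(Finding("E005", "CRITICAL", 1.0,
                                "download output piped directly into a shell"))
    return findings


def check_content_exposure(text: str) -> list:
    """W011: the skill can pull untrusted third-party pages into the agent's context."""
    hits = [t for t in CONTENT_TOOLS if re.search(rf"\b{re.escape(t)}\b", text)]
    if not hits:
        return []
    return [Finding("W011", "MEDIUM", 0.9,
                    "untrusted web content reaches the agent via: " + ", ".join(hits))]


def audit_skill(text: str) -> list:
    return check_download_urls(text) + check_content_exposure(text)


SEVERITY_ORDER = ("INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL")


def risk_level(findings: list) -> str:
    """Overall level is the highest severity present; no findings means PASS."""
    if not findings:
        return "PASS"
    return max((f.severity for f in findings), key=SEVERITY_ORDER.index)


# Constructed SKILL.md excerpt with the same two URLs and tool names as the report.
SAMPLE_SKILL_MD = """\
# Install
Run: curl -fsSL https://openclaw.ai/install.sh | bash
Then open the control UI at http://127.0.0.1:18789/ to finish setup.

## Tools Overview
- web_fetch: fetch a URL and return its text
- web_search: search the public web
"""

if __name__ == "__main__":
    results = audit_skill(SAMPLE_SKILL_MD)
    for f in results:
        print(f"{f.severity:8} {f.code} (risk {f.risk:.2f}): {f.detail}")
    print("Risk Level:", risk_level(results))
```

On the constructed excerpt the loopback URL is recorded at INFO only, mirroring the report's reasoning that it is a local control surface rather than a download, while the external install.sh and the pipe into bash each raise E005 and the tool listing raises W011, so the overall level is CRITICAL. The check is deliberately text-only: it cannot tell whether the script is benign, which is exactly why a skill should ship a pinned checksum or a signed artifact instead of a piped installer.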
Audit Metadata