claw-deck

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The login flow asks the user to paste their Felo API key and explicitly instructs the agent to write it into a shell export or config file (e.g., export FELO_API_KEY="user's Key"), which requires the LLM to receive and output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests workspace README and resources from Felo LiveDoc (e.g., via $SCRIPT get-readme SHORT_ID, $SCRIPT resources SHORT_ID, and links like https://felo.ai/livedoc/SHORT_ID), which are third-party/user-generated contents that the agent is instructed to read, synthesize, and act on—allowing those external contents to materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's First-Time Installation flow tells the agent to execute a user-pasted GitHub install link (e.g., git@github.com:org/repo.git or https://github.com/org/repo.git), which would fetch and run remote code to install the required Felo LiveDoc package and thus is a runtime external dependency that can execute remote code.