clawdbot-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding API keys, bot tokens, and pairing codes directly in commands and code examples (e.g., config set env.* with "YOUR_*_API_KEY", --token "YOUR_BOT_TOKEN", Composio(api_key="...")), which would require the LLM to include secret values verbatim in generated outputs.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs installing global packages and a background gateway daemon (systemd/LaunchAgent), writing config files and modifying system services—actions that alter system state and may require elevated privileges—so it pushes the agent to modify the host system.