clawdbot-setup

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] hardcoded_secrets: Hardcoded API key detected (HS001) [AITech 8.2] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1] This document is an operational setup guide for a high-privilege local assistant. The instructions request and enable multiple sensitive capabilities (email read/send, browser DOM control, long-running daemon, model API access). There is no direct evidence of embedded malware or obfuscation in the provided text, but the architecture concentrates significant sensitive access and persistence, increasing risk if the software or any third-party dependencies are compromised or malicious. Before deploying, audit the upstream source, confirm how secrets are stored, minimize remote exposure, and limit extension/daemon lifetime and scopes. LLM verification: This SKILL.md is an installation and configuration guide that legitimately requests sensitive credentials and installs persistent components (daemon and browser extension) needed for a 24/7 assistant with Gmail and browser control. I found no direct code-level malware indicators in the document itself, but there are notable supply-chain and privacy risks: it routes Gmail access through a third-party MCP (Composio), installs a background gateway/daemon with an explicit '--accept-risk' flag, and i