openclaw-droidclaw-bridge

Warn

Audited by Snyk on Feb 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's runtime explicitly fetches and ingests JSON from external DroidClaw endpoints (e.g., GET /devices, GET /devices/:deviceId/sessions, GET /devices/:deviceId/sessions/:sessionId/steps as used in references/droidclaw-integration.md and scripts/droidclaw_ctl.py and preflight/service scripts) and also can clone a public GitHub repo during setup, meaning untrusted/user-generated device/session data or remote repo contents could be read and influence subsequent control actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The service script (scripts/droidclaw_service.sh) performs a runtime git clone of https://github.com/unitedbyai/droidclaw.git and then runs bun install / bun run on that checked-out code, which fetches remote code at runtime and executes it, meeting the criteria for a risky external dependency.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 23, 2026, 04:39 AM