session-logs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs the agent to extract and print raw message text from session JSONL files (e.g., with jq/rg), which will verbatim reproduce any API keys, tokens, or passwords present in those logs and thus can exfiltrate secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads conversation transcripts stored under ~/.openclaw/agents//sessions/ (which map to chat providers like discord, whatsapp) and ingests user-generated, untrusted third-party messages as part of its search/analysis workflow, so those external messages could contain instructions that influence agent behavior.