figo-openclaw-installer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks for App ID/App Secret and auth codes and instructs the agent to write them into .env files and execute commands (e.g., docker-compose exec ... <auth_code>), which requires including secret values verbatim in outputs/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly runs npm install (e.g., "npm install @openclaw/feishu"), executes docker-compose up -d (which will pull public container images), performs network checks like curl -I https://api.openai.com, and monitors service startup logs — all of which ingest untrusted public third-party content whose outputs the agent is expected to read and can materially influence automated actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly sets and uses the npm registry (https://registry.npmmirror.com/) and runs npm install (e.g., installing @openclaw/feishu) at runtime, which fetches and executes remote package code that the installer relies on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to execute commands that alter system state—install software (winget), change npm config, write files (.env, docker-compose.yml, startup scripts), run docker-compose, modify registry/SystemD/startup items and execute fixes—actions that require elevated privileges and can change system/service configuration.