setup-synclaw

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs passing the gateway auth token as a command-line argument (--gateway-token YOUR_TOKEN) and to edit .env with the token, which requires the agent to accept and embed the secret verbatim into commands/files (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's setup workflow explicitly git-clones https://github.com/lxcong/synclaw.git (see SKILL.md and scripts/setup.sh) and then installs/builds/runs that fetched code, which means untrusted third-party repository content is ingested and executed and could alter agent/tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup script clones and then installs/builds and globally installs code from https://github.com/lxcong/synclaw.git at runtime (git clone ... then npm install, npx prisma ..., npm run build, npm install -g), so remote code is fetched and will be executed as a required dependency.