Skills
skills/majiayu000/claude-arsenal/openclaw-deploy/Snyk

openclaw-deploy

Fail

Audited by Snyk on Feb 21, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). Insecure — the prompt instructs the agent to ask for API keys/Bot tokens/auth_token and to embed them verbatim into commands, config files, scripts and saved credential files (e.g., openclaw.json, openclaw config set, proxy/service env files, Python AUTH_TOKEN), which forces the LLM to handle secrets in plaintext and output them directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and executes public third-party content (for example "curl -fsSL https://openclaw.ai/install.sh | bash", downloading scripts from raw.githubusercontent.com, and driving Playwright to navigate external sites including X/Twitter and api.telegram.org) which the agent is instructed to ingest/act on as part of the installation/browser steps and therefore could allow untrusted user-generated/web content to influence tool use and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs the agent to perform numerous privileged, system-level modifications (install packages, run curl|bash installer, write/replace /usr/bin and /usr/lib files, create and enable systemd services, change permissions, and enable linger), which clearly modify and can compromise the machine's state.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 12:22 PM