secondme-openclaw-notes

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read {baseDir}/.credentials for an accessToken and to use an "Authorization: Bearer " header in its API requests, which requires inserting the secret token verbatim into generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Search Notes" endpoint (GET https://app.mindos.com/gate/in/rest/third-party-agent/v1/notes/search) returns note items including title, content, and summary from the external SecondMe service, which are likely user-generated/untrusted and the agent is expected to read and act on them as part of its workflow, allowing indirect prompt-injection via note content.