skill-vetter
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). One URL (https://evil.com/steal) is an explicit exfiltration endpoint and the set includes GitHub raw/API endpoints that, while legitimate, are commonly used to host or deliver untrusted scripts/executables from unknown authors—so overall this collection is highly suspicious for malware distribution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read arbitrary public skill repositories (e.g., curl to api.github.com and raw.githubusercontent.com, and clawhub install / cat of downloaded ClawHub/GitHub skill files), meaning it will ingest untrusted, user-generated third-party content that can influence decisions and actions.
Audit Metadata