metaclaw-setup-architect

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and scrape public, user-generated content (e.g., "browse our Skool community at [URL]" in examples/community-assistant.md, the lesson-search SKILL.md, and the web_monitor template in knowledge/skill-templates.md) and to ingest that content into memory and decision workflows (indexing lessons, answering questions, triggering actions), which exposes the agent to untrusted third-party pages that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The openclaw.json starts MCP servers at runtime via commands like "npx -y @anthropic/mcp-server-brave-search" and "npx -y @anthropic/mcp-server-filesystem", which fetch and execute remote npm packages as required runtime dependencies (executing remote code).
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 06:58 AM