openclaw-complete-deployment-guide

Fail

Audited by Snyk on Mar 6, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The guide repeatedly instructs pasting API keys and secrets directly into config files and command lines (e.g., a literal apiKey in openclaw.json, a systemd ExecStart line carrying -deapApiKey, and a Qoder command/env var set inline). Following those steps requires the agent to handle and output the secret values verbatim, which creates an exfiltration risk; a secret on a command line is additionally readable from the unit file, the journal and process listings by other local users.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.75). Many of the URLs are official documentation and vendor consoles, but the list also includes direct-download install scripts (e.g., clawd.bot/install.sh and raw GitHub .sh files piped to bash) and GitHub release assets from less-known accounts. Piping a fetched script straight into a shell executes it with no opportunity to inspect or verify it, and unverified release binaries are a common vehicle for distributing malicious code.
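The practitioner's alternative to `curl ... | bash` is to fetch to disk, verify a pinned digest and only then execute. The following shell functions are an added example, not part of the audited guide or any OpenClaw tooling; the pinned digest, the download URL and the use of a plain SHA-256 rather than a vendor signature are assumptions for illustration (when the vendor publishes signatures, verify those instead of, or in addition to, the digest).

```shell
#!/bin/sh
# Added example (not from the audited guide): download an installer to a
# file, compare its SHA-256 with a value pinned ahead of time, and run it
# only on a match. The pinned value and URL are assumed inputs.

sha256_of() {
  # Portable digest helper: prefer sha256sum, fall back to shasum.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 when FILE's digest equals EXPECTED_SHA256, 1 otherwise.
# Never executes FILE.
verify_script() {
  file="$1"; expected="$2"
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "digest mismatch for $file" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}

# fetch_verify_run URL EXPECTED_SHA256
# Downloads over HTTPS only into a temp file, verifies, then runs with sh.
# The script is removed afterwards whether or not it ran.
fetch_verify_run() {
  url="$1"; expected="$2"
  tmp=$(mktemp) || return 1
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
    rm -f "$tmp"; return 1
  fi
  if verify_script "$tmp" "$expected"; then
    sh "$tmp"; rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return $rc
}

# Offline demonstration with a constructed script: a tampered copy (one
# extra byte) no longer matches the digest recorded for the original.
demo=$(mktemp)
printf 'echo installer\n' >"$demo"
pinned=$(sha256_of "$demo")
verify_script "$demo" "$pinned" && echo "original: ok"
printf '#\n' >>"$demo"
verify_script "$demo" "$pinned" || echo "tampered copy: rejected"
rm -f "$demo"
```

Usage: `fetch_verify_run https://example.invalid/install.sh <sha256>` (URL assumed). The digest must come from a channel other than the download itself, e.g. the vendor's release page or a value committed in your own deployment repository; a digest served next to the script proves nothing.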

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs connecting the OpenClaw Gateway to public IM platforms (see Phases 7 to 10: Feishu (飞书), DingTalk (钉钉), QQ, Discord) and to DEAP/Qoder connectors, so the agent ingests arbitrary user-generated messages (via WebSocket/Stream/Connector) that it is expected to read and interpret (event handling, /acp spawn, DEAP tasks). Text from those channels can materially change the agent's tool use and actions, which is the indirect prompt injection scenario: any sender on the platform becomes an untrusted input to the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). Flagged because the guide explicitly instructs creating and editing system files (e.g. /etc/sysctl.conf, /etc/systemd/system/*.service), enabling and starting systemd services, and running commands as root. These actions modify machine state and require elevated (sudo/root) privileges; a unit file written without a User= directive also leaves the deployed service itself running as root.
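The W007 and W013 findings above share a remedy: keep secrets out of unit files and command lines, and run the service as a dedicated user. The shell lint below is an added example, not part of the audited guide or of OpenClaw; the file names, the `-deapApiKey` placeholder values, the `openclaw` service account and the `/etc/openclaw/gateway.env` path are constructed. Whether OpenClaw itself expands a `${VAR}` reference inside openclaw.json is not something the audit states; the JSON check only distinguishes a literal value from a reference.

```shell
#!/bin/sh
# Added example, not from the audited guide: lint a systemd unit and a JSON
# config for the two practices flagged by W007 and W013, secrets embedded
# in files/command lines and services that run as root. All sample files
# and key values below are constructed placeholders.

# lint_unit UNIT_FILE
# Findings go to stderr; the number of findings is printed to stdout.
lint_unit() {
  f="$1"; n=0
  # 1. Secret on the ExecStart command line: readable from the unit file,
  #    `systemctl show`, the journal and `ps` output of any local user.
  if grep -Eiq '^ExecStart=.*(apikey|api_key|secret|token|password)[= ]+[^ ]+' "$f"; then
    echo "$f: secret passed on ExecStart command line" >&2; n=$((n+1))
  fi
  # 2. Secret inline in Environment=. EnvironmentFile= (a root-owned 0600
  #    file) or LoadCredential= do not match this pattern and are preferred.
  if grep -Eiq '^Environment=.*(key|secret|token|password)[A-Za-z0-9_]*=[^ ]+' "$f"; then
    echo "$f: secret inline in Environment=" >&2; n=$((n+1))
  fi
  # 3. Without User= systemd runs the service as root.
  if ! grep -Eq '^User=' "$f"; then
    echo "$f: no User= directive, service would run as root" >&2; n=$((n+1))
  fi
  echo "$n"
}

# lint_json_config JSON_FILE
# Flags "apiKey": "<literal>" where the literal does not start with '$'
# (i.e. is not written as a variable reference). Prints 1 or 0.
lint_json_config() {
  if grep -Eq '"apiKey"[[:space:]]*:[[:space:]]*"[^"$][^"]*"' "$1"; then
    echo "$1: literal apiKey value in config" >&2; echo 1
  else
    echo 0
  fi
}

# make_samples: write constructed weak and hardened files into a temp dir
# and print the directory path. Values are placeholders, not real keys.
make_samples() {
  d=$(mktemp -d) || return 1
  cat >"$d/weak.service" <<'EOF'
[Service]
ExecStart=/usr/local/bin/openclaw gateway -deapApiKey sk-EXAMPLE1234
Environment=OPENAI_API_KEY=sk-EXAMPLE5678
EOF
  cat >"$d/hardened.service" <<'EOF'
[Service]
User=openclaw
EnvironmentFile=/etc/openclaw/gateway.env
ExecStart=/usr/local/bin/openclaw gateway
NoNewPrivileges=yes
ProtectSystem=strict
EOF
  printf '{ "apiKey": "sk-EXAMPLE9999" }\n' >"$d/weak.json"
  printf '{ "apiKey": "${OPENCLAW_API_KEY}" }\n' >"$d/ref.json"
  echo "$d"
}

dir=$(make_samples)
for u in weak.service hardened.service; do
  echo "$u: $(lint_unit "$dir/$u") finding(s)"
done
echo "weak.json: $(lint_json_config "$dir/weak.json") finding(s)"
rm -rf "$dir"
```

Run against the constructed samples, weak.service yields three findings and hardened.service none. The hardened unit shows the shape to aim for: a dedicated `User=`, the secret supplied via `EnvironmentFile=` (or `LoadCredential=` on newer systemd) instead of the command line, and `NoNewPrivileges=`/`ProtectSystem=strict` so a compromised gateway process cannot escalate or rewrite the system it was installed on.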
Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 6, 2026, 02:32 PM