Skills
skills/nkchivas/openclaw-skill-peekaboo/peekaboo/Snyk

peekaboo

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials directly in CLI commands (e.g., peekaboo type "supersecret"), which requires the agent/LLM to output secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent capturing and analyzing browser windows and screenshots (e.g., "peekaboo see --app Safari ... --annotate" and "peekaboo image --app Safari ... --analyze" and examples launching arbitrary URLs like "--open https://example.com"), which clearly ingests and interprets content from arbitrary public web pages (untrusted third‑party content) that can influence subsequent UI actions.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 11, 2026, 07:28 AM