Ansible

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes plaintext secret examples (e.g., vault_eva_password: "y8UGHR1qH", ansible_ssh_pass: "initial_password") and shows patterns that embed secrets directly into inventory and command-line arguments (ansible-playbook -e "ansible_ssh_pass=$PASSWORD"), which would require the LLM to output secret values verbatim and create an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's playbooks and role tasks (e.g., playbooks/openclaw-vps.yml and roles/nodejs/tasks/main.yml) fetch and install remote artifacts—curl-ing the NodeSource GPG key and apt repo, adding external apt repos, and installing npm packages (and potentially git clones/npm installs)—which come from public, user-maintained sources (npm/GitHub/apt repos) and are executed as part of the workflow, so untrusted third-party content can influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The playbooks run curl/apt against NodeSource (e.g. curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key and the repo URL https://deb.nodesource.com/node_<nodejs_version>.x) and install npm packages (openclaw), which fetch and install/execute remote code at runtime and are required for the skill to function.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly includes playbooks and roles that run with become/root, create user accounts, edit system files like /etc/ssh/sshd_config, manage systemd services, and handle SSH keys/vault secrets — all actions that modify and can compromise the machine state.