askhuman

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill repeatedly demonstrates, and instructs the agent to embed, API keys and tokens directly in curl commands and query strings (e.g., X-API-Key: askhuman_sk_..., ?apiKey=askhuman_sk_...). This requires the LLM to handle and output secret values verbatim, which is a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly creates tasks and polls the AskHuman API (e.g., GET https://askhuman-api.onrender.com/v1/tasks/<task_id>), reads the worker "result" field, and can also read public testimonials via /v1/ingest/volunteer-review. These are user-generated, untrusted third-party contents that SKILL.md instructs the agent to read and use to drive decisions, so they could carry indirectly injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://askhuman-api.onrender.com (e.g., creating tasks and polling for worker "result" submissions) and relies on those remote responses (human-provided answers) to determine the agent's next actions, so content fetched from that URL directly controls agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements a crypto payment flow. It requires registering an agent with a walletAddress, provides an endpoint to fetch permit data, instructs the caller to construct and sign an EIP-2612 USDC permit (with the escrow contract as spender), and states the platform will call lockFor() to move USDC from the agent wallet to escrow. Task creation accepts a signed permit and amountUsdc; approving a task releases payment. These are specific, built-in financial operations (USDC permits / on-chain transfers / wallet signing), not generic API or browser tooling.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 05:41 PM