claw-skill-guard

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the set is suspicious because it includes a direct .sh download on an untrusted host (xyz.example.com/setup.sh), unknown external endpoints (unknown-domain.com/config) and ClawHub skill pages that can contain hidden install/run commands (and have been linked to malware distribution), while only the 1Password blog link is benign documentation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The scanner (scripts/scanner.py) fetches remote skill files via fetch_remote_skill/urllib (used by the "scan " command and documented in README/usage for ClawHub and GitHub URLs), so it ingests arbitrary public third‑party skill content (untrusted/user‑generated) which the agent reads and interprets as part of its workflow.