cloud-local-bridge

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes an explicit command-line example passing a token via --token "xxx" (and uses literal pairing codes), which encourages embedding secret values verbatim in generated commands/outputs and thus poses a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill intentionally implements remote command execution (subprocess.run with shell=True), arbitrary file read/write/download endpoints, and automatic exchange/storage of bearer tokens and server addresses (including persisting them in user home files and exposing them via the pairing flow), providing clear backdoor and data-exfiltration capabilities (also binds service to 0.0.0.0 and supports callbacks to attacker-controlled URLs), so it functions as a deliberate remote-access/data-exfiltration mechanism.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill accepts and executes arbitrary content from external HTTP clients—most clearly in scripts/bridge_server.py's /execute handler (and demonstrated in references/EXAMPLES.md via curl POSTs) where remote JSON "command" fields from untrusted cloud/third-party sources are run locally, so third‑party input can directly control agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.95). The skill exposes and relies on a runtime HTTP endpoint used in examples (e.g., http://192.168.1.100:8080/execute) which accepts JSON with a "command" field and directly executes it via subprocess.run on the local host, allowing remote HTTP requests to cause arbitrary code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly implements remote command execution and file synchronization between cloud and local instances (and even shows running a server under /root), which enables remote modification of files and system state and thus can compromise the machine.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 03:37 PM