ddgs-web-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Two of the URLs point to direct installer scripts (https://astral.sh/uv/install.sh and https://astral.sh/uv/install.ps1) which are high-risk when fetched and executed or piped into a shell/PowerShell (common malware delivery vector), while the other two URLs are benign content pages/placeholders; therefore the presence of direct .sh/.ps1 installer links makes this set suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches open/public web content using ddgs.DDGS().text and .news in scripts/ddgs_search.py (and SKILL.md shows invoking that script in OpenClaw and parsing its JSON output), thereby ingesting untrusted public search results that the agent is expected to read and that could materially influence subsequent actions.