openclaw-guardian

Fail

Audited by Snyk on Mar 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URL is a GitHub repository (a legitimate host) but belongs to an unrecognized/third-party user and points to code you would clone/run as a plugin — cloning and executing unknown repo content can run arbitrary code, so this is moderately high risk unless the project is independently verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill calls external LLM provider endpoints at runtime (provider.baseUrl → e.g. POST to {llmUrl}/v1/messages or {llmUrl}/v1/chat/completions such as https://api.anthropic.com/v1/messages or https://api.openai.com/v1/chat/completions) to decide approval/blocking of flagged tool calls, so remote responses directly control the agent's allow/block behavior.
Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 7, 2026, 06:22 PM