skill-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches full skill files from the public registry at https://skills.droyd.ai (see SKILL.md "Fetch Skill Content" and scripts/skillhub.sh cmd_content which calls /api/skill-content and --extract to write files to /tmp/openclaw-skills/) and instructs the agent to read and execute the extracted SKILL.md and bundled scripts, meaning arbitrary third-party (user-authored) content is ingested and can directly influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.95). The skillhub script contacts https://skills.droyd.ai (notably /api/skill-content/{author}/{skill-name}) at runtime to fetch and extract SKILL.md and bundled scripts which the agent is then instructed to read and execute, so remote content can directly control prompts or execute code.