Skills
skills/pc-style/skills/openclaw-config/Snyk

openclaw-config

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill reads and writes full OpenClaw config files and includes examples that embed API keys/tokens (e.g., botToken, apiKey, raw config in gateway calls), which would require the LLM to accept, handle, and potentially output secret values verbatim when generating config or command payloads.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The set includes direct installer scripts (install.sh, install.ps1) and explicit "curl | bash" / "iwr | iex" instructions — a high-risk delivery pattern for malware even if the domains look like project sites; documentation and the GitHub repo are lower risk by themselves but do not remove the danger of executing remote scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md's required "First Step" explicitly instructs the agent to fetch https://docs.openclaw.ai/llms.txt and then fetch documentation pages (via curl and read_web_page) from the public docs site, so the agent will ingest and act on external, public web content that can contain actionable instructions influencing installs/configuration and thus enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs "Always fetch the latest docs index" via curl https://docs.openclaw.ai/llms.txt and to then fetch pages from that index at runtime to drive guidance, so the fetched content (https://docs.openclaw.ai/llms.txt and subsequent docs pages) directly controls agent prompts/instructions and is a required runtime dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to run installation scripts (curl|bash, PowerShell iwr|iex), install daemons (openclaw onboard --install-daemon), perform global installs (npm -g, pnpm link --global), docker builds/compose and other commands that modify system state and likely require or lead to elevated privileges, so it can compromise the machine.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 5, 2026, 02:21 AM