zeroclaw
Fail
Audited by Snyk on Mar 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). One URL is a placeholder API hostname and the others are a GitHub repo from an unverified/unknown author that the skill instructs users to clone and run bootstrap/install scripts — running unreviewed repo scripts/binaries is a common malware vector, so treat this as potentially suspicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated content via its communication channels (see references/CHANNELS.md for Telegram/Discord/Slack/Webhook/Email/etc.) and via web access tools (web_search and HTTP request/browser settings in references/CONFIG.md), and those channel messages include in-chat commands (e.g., "/models " in CHANNELS.md) that can change providers/models and otherwise affect agent behavior, so third-party content can materially influence tool use and decisions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs installing and managing a system service (e.g. "zeroclaw service install"), running bootstrap scripts, and explicitly supports an autonomy "full" mode that allows arbitrary command execution—actions that can modify system files or require/suggest elevated privileges and thus can compromise machine state.
Issues (3)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata