openclaw-integrations

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires the agent to take connectionKey values returned by the integration listing and embed them verbatim inside the mcporter --args JSON (a command-line/tool invocation), which forces the LLM to handle sensitive connection tokens directly — an exfiltration risk (even though PICA_SECRET itself is read from the environment, the connectionKey is passed through the agent's generated command).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes mcporter to access the Pica MCP server (e.g., mcporter call pica.execute_pica_action and related calls) to read and act on content from connected third-party platforms like Gmail, Slack, Notion, Shopify, etc., which are untrusted, user-generated sources the agent is expected to read and interpret.