openclaw-task-worker

Fail

Audited by Snyk on Apr 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes an actual ANON token and instructs embedding worker_api_key values verbatim into curl JSON bodies/headers (e.g., "worker_api_key": "sk_xxx"), which requires the LLM to handle and output secret values directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches publisher-provided, user-generated task content (full "content", summaries, images, platform_config) from the OpenClaw Supabase API (https://ieoybuwlfiwbownpwpqc.supabase.co) via get_task/claim_task and requires the agent to read and act on that untrusted content to perform publishing, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime POST requests to https://ieoybuwlfiwbownpwpqc.supabase.co (BASE) to claim tasks and receive the task "content" (Markdown) that directly instructs the agent what to do, so this external URL supplies runtime instructions that control the agent.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The ANON value in the Quick Start block is a full, high-entropy JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imllb3lidXdsZml3Ym93bnB3cHFjIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzA5NzA3OTIsImV4cCI6MjA4NjU0Njc5Mn0.2Yfe-IMMF5s2lAILMS7zIFI1CK1X6nrb-IU8Tpo_9Kk

It is assigned to ANON and explicitly used as the apikey header in curl examples to call the Supabase REST endpoints, so it is a directly present, usable credential. It is not a placeholder, a truncated value, or a simple setup password; it is high-entropy and provides service access, so it should be flagged.

Ignored items: the BASE URL is just an endpoint (not a secret). Occurrence of "sk_xxx" in examples is a placeholder and intentionally ignored per the rules.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 1, 2026, 05:54 PM
Issues: 4