NYC

openclaw-setup

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for API keys and bot tokens and then embed those secrets verbatim into config files, commands, and systemd Environment lines (e.g., Telegram token, Anthropic/Groq/OpenAI keys, GOG_KEYRING_PASSWORD), which requires the LLM to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to create and connect a Telegram bot (Phases 4–5 and testing in Phase 10) and to read/respond to incoming Telegram messages, meaning it will ingest untrusted, user-generated content from a public third‑party service (Telegram) and could be exposed to indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to SSH into the user's server and run sudo-level commands that modify system files and services (e.g., editing /etc/ssh/sshd_config, creating systemd service files in /etc/systemd, installing packages, changing /etc/fstab), so it directs the agent to perform privileged, state-changing operations on the machine.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:13 AM