healthcheck

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly recommends running npm view openclaw version as part of the "Required prompt to schedule" workflow, which fetches package metadata from the public npm registry (an untrusted third-party source) and uses that returned version information to inform update decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to perform system-level audits and—given user approval—apply state-changing fixes (e.g., openclaw security audit --fix, cron scheduling, package/service changes, user/group modifications and firewall/SSH edits), so while it requires confirmations it clearly enables modifying the host and could compromise machine state if executed.