openclaw-parallels-smoke

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes a "Discord roundtrip" workflow that (when enabled) uses openclaw message send/read to fetch and verify messages from Discord channels, which are public/user-generated third-party content the agent would read as part of its runtime verification.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs serving and fetching a runtime package via a hosted URL (e.g., http://:/openclaw-.tgz) for unpublished/update lanes, which is fetched during runs and installs/executed as code and therefore directly controls runtime behavior.