clawflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and runs automations from the public ClawFlows registry (e.g., https://clawflows.com and the referenced GitHub registry), which are user-provided YAML workflows the agent parses and executes, so untrusted third-party content can directly control behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly installs and runs automations "from clawflows.com" (e.g., via clawflows install which downloads YAML automations that directly define execution steps and agent behavior), so the registry URL https://clawflows.com is a runtime dependency that can control prompts/instructions.