clawhub-3

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.95). The set includes a password-protected GitHub release ZIP (unknown user) that likely contains an executable and explicit instructions to run it, plus an install script snippet and a custom registry URL—combining unknown binary distribution and "run-before-use" directions is a strong indicator of a suspicious/malicious download source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the CLI to search/install/update skills from the public ClawHub registry (https://www.clawhub.ai/) and allows custom registries via --registry, which fetches user-published/third-party skill packages (untrusted, user-generated content) that the agent would ingest and that can change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 26, 2026, 09:21 AM