openclaw

Fail

Audited by Snyk on Apr 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The presence of a direct install.sh URL (https://openclaw.ai/install.sh) is a high‑risk vector because running remote shell scripts (curl | bash) can deliver malware unless you explicitly trust and have verified the publisher/domain, while the http://127.0.0.1:18789/ address is just a local dashboard endpoint and not a remote download source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly documents and exposes web-fetching and browsing tools (references/browser.md and the tools group:web/web_tools entries), public registry installs via ClawHub (references/clawhub.md), and even a curl | bash install URL in SKILL.md/README, meaning the agent will fetch and ingest arbitrary public/user-generated web content that can influence subsequent tool calls and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly guides installing/updating/uninstalling the gateway (including a curl|bash installer), service management (systemd/launchd), and auto-fix operations that modify system services/configuration — actions that change machine state and may require elevated privileges.

Issues (3)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 2, 2026, 08:51 AM
Issues: 3