zenzap-onboarding

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to take API Key, API Secret, and Control Topic ID from the API response, concatenate and base64-encode them, and then place that token verbatim into a CLI command (openclaw zenzap configure --token ), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 5) instructs the agent to poll https://api.zenzap.co/v2/updates and read/interpret "message.created" events from non-bot (human) senders, which are untrusted user-generated messages that the agent must act on and which can materially influence its behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I looked for literal, high-entropy values that directly provide access. The credentials array in the sample 201 response contains two such values:
      • "utxDAedgfFXglaLX" (API Key) — random-looking alphanumeric, not a placeholder name.
      • "66AybzV7s0afLeKKqpxC7wLKCTk5d7bT" (API Secret) — long, high-entropy string appropriate for an API secret.

These are not labelled as placeholders (e.g., YOUR_API_KEY, sk-xxxx), nor are they truncated/redacted. The Control Topic ID is shown with "..." and is therefore redacted/truncated and ignored. Although the snippets appear in an example response, they are literal high-entropy values and match the definition of secrets, so I flag them.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 05:23 PM