openclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md instructs the agent to run "npx -y clawhub search/install" to fetch and install skills from the public OpenClaw (clawhub) registry into the session's skill directory, which downloads untrusted third‑party packages that are then added to the system prompt and can alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes npx -y clawhub at runtime (fetching https://registry.npmjs.org/clawhub), which downloads and installs remote skill packages whose content is then added to the agent's system prompt and can therefore execute code or directly control prompts.