openclone
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow includes
/openclone ingest <URL>(and YouTube transcript ingestion), which fetches outsider-authored public web content and stores/feeds its readable text into the clone’s local markdown context for future LLM conversations.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's install and plugin commands (git clone ... https://github.com/open-clone/openclone && ./setup, /plugin marketplace add https://github.com/open-clone/openclone and the skills add -g https://github.com/akillness/oh-my-gods ...) fetch remote repositories and run setup/install steps, which downloads and executes remote code at install/runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata