alibabacloud-openclaw-ecs-dingtalk

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to collect or retrieve real API credentials (DingTalk client secret and the Bailian ApiKey), record the full ApiKeyValue, and embed/encode those secrets into command strings (even if base64-encoded), which requires the LLM to handle and emit secret values verbatim in its outputs—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required execution steps explicitly download and run external public scripts and packages—e.g., Step 4 curls and executes https://openclaw-install-scripts.oss-cn-hangzhou.aliyuncs.com/install.sh and Step 3/configures npm to use the public registry https://registry.npmmirror.com—so untrusted third‑party code/content is fetched and executed as part of the workflow and can materially change subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime RunCommand steps explicitly curl and execute remote installers—e.g., https://openclaw-install-scripts.oss-cn-hangzhou.aliyuncs.com/install.sh and https://deb.nodesource.com/setup_22.x—which fetch required remote code and run it on the instance.