openclaw-admin-vue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports installing and enabling skills from arbitrary public GitHub repositories (see "Custom Skill Installation" in SKILL.md: skillApi.installSkill with source: 'github' and repository: 'username/skill-repo') and also references enabling web-search/browser tools, so untrusted third‑party code/pages can be fetched and executed and therefore could inject instructions that influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README instructs running "curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash", which downloads and executes remote installer code and is presented as a required dependency for the skill's Hermes Agent/CLI runtime features, so it constitutes a runtime-executed external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes commands that install and start system services (curl|bash installer for Hermes, hermes gateway install/start, npm -g pm2 and pm2 startup, nginx reverse-proxy guidance) which modify system state and may require elevated privileges, so it could lead an agent to alter the machine.