openclaw-chinese-ai-assistant

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Mixed: while several links are to legitimate vendors (nodejs.org, api.openai.com, GitHub) the set also includes unverified third‑party domains (gpt.qt.cool, openclaw.qt.cool), GitHub repos from lesser‑known accounts, a third‑party npm package and a GHCR container image referenced in install instructions — all of which could be used to distribute malicious code or exfiltrate credentials, so the bundle is moderately suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly configures agents with a 'web-search' skill (see "Programmatic Agent Creation" and "Common Patterns → Pattern 3: Skill Chains") and shows a workflow that fetches ${search_results} from the open web and passes them to summarize/markdown, meaning the agent will ingest untrusted public web content that can materially influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit instructions to install/uninstall and run a daemon/system service (openclaw gateway install/start/uninstall), global npm installs, and service/nginx configuration changes that modify system service files and require elevated privileges, so it directs actions that change the machine state.