openclaw-installer-deployment
Fail
Audited by Snyk on May 17, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt repeatedly shows API keys/tokens (sk-..., AIza..., etc.) and commands that set, echo, or pass those secrets as command-line arguments or in config files (export, curl -H, openclaw config set, cat > ~/.openclaw/env), which would require an agent to include secret values verbatim in outputs.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The instruction set includes executing remote shell scripts (curl | bash) and cloning/running code from a relatively unknown GitHub user plus custom/placeholder proxy endpoints (your-proxy.com, your-api-proxy.com) — a high-risk pattern for distributing malware despite many legitimate API domains being referenced.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly fetches install/config scripts from raw.githubusercontent.com (curl | bash) and configures bots that ingest untrusted, user-generated messages from public channels (Telegram, Discord, WhatsApp, Feishu), and the skill describes remote control/execution behavior (execute system commands, file operations, web browsing), so third-party content can be read and materially influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote scripts (e.g., curl -fsSL https://raw.githubusercontent.com/miaoxworld/OpenClawInstaller/main/install.sh | bash and curl -fsSL https://raw.githubusercontent.com/miaoxworld/OpenClawInstaller/main/config-menu.sh | bash, and git clone https://github.com/miaoxworld/OpenClawInstaller.git then running install.sh), which clearly execute remote code the installer relies on, so these URLs are high-risk.
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).