skills/aradotso/hermes-skills/openclaw-mission-control/Snyk

openclaw-mission-control

Fail

Audited by Snyk on May 17, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.90). Although most links are local/internal API endpoints or documentation, the presence of a direct raw GitHub shell installer (curl -fsSL https://raw.githubusercontent.com/abhi1693/openclaw-mission-control/master/install.sh piped to bash) and cloning from an unverified GitHub user are high‑risk distribution vectors for malicious code if the source is not trusted.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The Quick Start installer fetches and executes remote code via curl -fsSL https://raw.githubusercontent.com/abhi1693/openclaw-mission-control/master/install.sh | bash (and the project also requires cloning https://github.com/abhi1693/openclaw-mission-control.git which pulls code that is later executed), so external content is fetched and run during setup.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

May 17, 2026, 01:37 AM

Issues

2

Security Audit — snyk — openclaw-mission-control