securityclaw-autonomous-soc-agent

Fail

Audited by Snyk on May 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Moderately suspicious: several URLs are benign local endpoints and legitimate APIs (localhost, AbuseIPDB, ara.so), but the presence of a remote install script piped to sh (https://ollama.com/install.sh) and a GitHub repo to clone and run (SecurityClaw/SecurityClaw.git) means arbitrary code could be fetched and executed. This is a common malware distribution vector unless the sources are explicitly trusted and verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows skills/ip_enricher/logic.py calling external public APIs (e.g., https://api.abuseipdb.com and VirusTotal/MaxMind) to ingest third-party, user-contributed threat intel, which is then fed into the LangGraph/skill workflows (e.g., threat_analyst) and can materially influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The setup instructs executing remote code via "curl -fsSL https://ollama.com/install.sh | sh" and cloning "https://github.com/SecurityClaw/SecurityClaw.git" (which fetches skill instruction.md files that are later used as LLM system prompts), so these external URLs are fetched/executed during setup and supply content that directly controls agent prompts and behavior.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 22, 2026, 04:53 AM
Issues: 3