clawhub-skill-scanner

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). Yes — https://evil.com/x.sh is a direct shell script download from an untrusted domain (high-risk for malware), and https://discord.com/api/webhooks/ (while a legitimate API endpoint) is commonly abused as a covert exfiltration sink, so together they represent a suspicious distribution/exfiltration vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and analyzes untrusted skills from GitHub/URLs (see SKILL.md integration and the wrapper that runs clawhub inspect "$SKILL" --out "$TEMP") and scripts/scan_skill.py reads and interprets those fetched third‑party files to decide whether to install or block them, so external content can directly influence tool decisions.