crawl4ai

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill prompt includes examples that pass session IDs and similar credentials directly on the command line (e.g., crwl ... -c "session_id=user_session") and references proxy/auth configuration, which encourages embedding secret values verbatim in commands/requests and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). At runtime, the skill’s /crawl4ai <url> path invokes Crawl4AI’s headless browser to fetch the user-supplied URL and then ingests the fetched page’s rendered text/HTML into the agent context as returned markdown (outsider-authored web content via network fetch + HTML→markdown conversion).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill docs for literal high-entropy credentials. I found one likely real API key string:
  • gsk_1ClHGGJ7Lpn4WGybR7vNWGdyb3FY7zXEw3SCiy0BAVM9lL8CQv

Why I flag it:

  • It is a long, random-looking token (high entropy) and matches common API-key formatting (gsk_...).
  • It is presented as an inline example value for LLMConfig.api_token (not as "env:" or a placeholder), so it appears to be an actual token rather than a generic placeholder.

Other potential-looking items I ignored (and why):

  • sk-YOUR_API_KEY, sk-YOUR_API_KEY (placeholders) — documentation placeholders.
  • "your-openai-token", "your-api-token" — obvious example placeholders.
  • env:GEMINI_API_TOKEN, api_token = "env:GEMINI_API_TOKEN" — environment-variable reference, not a literal secret.
  • Any short/simple strings (e.g., "openclaw", "1234", "clawd") — setup/example values per the ignore rules.
  • Truncated/redacted forms (e.g., sk-...) — not flagged per rules.

Files/locations:

  • The gsk_ token appears in the complete-sdk-reference.md examples (LLMConfig / LLM examples).

Because the gsk_ value is a literal, high-entropy token present in the docs, it meets the definition of a secret and should be treated as a leak.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 07:51 AM
Issues
3
Security Audit — snyk — crawl4ai