claw-beacon

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to request and accept API tokens/GitHub PATs and to embed them verbatim into curl commands, config files, and API calls (e.g., -H "x-api-key: <API_KEY>", openclaw.json "apiKey", "Share the token with me"), which forces the LLM to handle secrets directly and exposes a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains multiple intentional, high-risk automation and credential-handling patterns (browser-driven OAuth automation to "auto-retrieve API keys", explicit prompts to share GitHub/Railway/Supermemory tokens, instructions to store and use those secrets, and orchestration that can spawn sub-agents to commit/deploy) that enable credential theft, account takeover, and supply‑chain/remote‑execution abuse if used maliciously.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires browser automation (Step 4 "Browser Setup" and the "Browser + GitHub OAuth" flows) where the agent autonomously navigates public third‑party sites (Railway, Supermemory, Vercel, etc.), reads dashboard pages and copies API keys/credentials—i.e., it fetches and interprets untrusted third‑party web content that directly determines subsequent actions and tool use.