install-openclaw-to-yc

Fail

Audited by Snyk on Jun 22, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste Telegram bot tokens and LLM API keys and instructs the agent to embed those secret values verbatim into cloud-init, environment files, and command headers (e.g., curl -H "x-api-key: …"), which requires the LLM to handle and output secrets directly — a high exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The list contains multiple direct installer scripts and runtime installs (NodeSource deb.nodesource.com script, Yandex Cloud install.sh fetched and piped to bash, npm package endpoints and a GitHub repo distributing install/bootstrap code), plus workshop-bundle handling and self-run cloud-init that execute remote code—patterns (curl|bash, direct .sh installers, npm/global packages, repo-distributed installers) are high-risk delivery vectors if the sources or repo are unverified and thus could be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context via the Telegram channel: the user’s /start and subsequent messages (authored by a non-operating-user) are ingested by the OpenClaw gateway and forwarded to the agent’s LLM as chat content, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to create and configure VMs, create a sudo-enabled user account, modify systemd services and config files, install CLIs and SSH keys, and open SSH/network ingress (0.0.0.0/0) — all actions that change machine state and require privileged operations, so it should be flagged.

Issues (5)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 22, 2026, 04:55 AM
Issues
5
Security Audit — snyk — install-openclaw-to-yc