wjs-promoting-skills
Fail
Audited by Snyk on May 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The code is not overtly malware, but it grants a headless AI agent broad local read/write and shell capabilities (Bash tools), enables network access (WebFetch, xurl) and installs a persistent launchd job that auto-posts to an authenticated X account — a combination that strongly enables stealthy data exfiltration, credential leakage or remote command execution if the AI agent or prompts are compromised or abused.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly runs web research: prompts/research-marketplaces.md (and research-marketplaces.sh) instruct the agent to use WebFetch/WebSearch and xurl to scrape public marketplaces and social media (e.g., clawhub.ai, agentskills.io, skillsmp.com, X/Twitter, Reddit, Hacker News), and the resulting state/research.md is read by make-plan.sh and daily-post.md to decide angles and generate posts—so untrusted, user-generated third‑party content is fetched and directly influences agent decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's research step (research-marketplaces.sh) runs Claude with WebFetch/WebSearch and explicitly instructs it to fetch marketplace pages (e.g., https://clawhub.ai) at runtime, so remote page content directly controls the agent's prompt outputs (state/research.md) used by later prompt-driven steps.
Issues (3)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata