openclaw-deploy
Fail
Audited by Snyk on May 14, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to collect API keys and Bot Tokens and then inserts those secrets verbatim into commands, config files, and saved credential notes (e.g.,
openclaw config set ... '<BOT_TOKEN>', systemd Environment entries, and openclaw-credentials.txt), which requires the LLM to handle and emit secret values directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and executes public third-party content (for example "curl -fsSL https://openclaw.ai/install.sh | bash", downloading scripts from raw.githubusercontent.com, and driving Playwright to navigate external sites including X/Twitter and api.telegram.org) which the agent is instructed to ingest/act on as part of the installation/browser steps and therefore could allow untrusted user-generated/web content to influence tool use and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs remote install scripts at runtime (e.g. curl -fsSL https://openclaw.ai/install.sh | bash and curl -fsSL https://deb.nodesource.com/setup_22.x | bash / https://rpm.nodesource.com/setup_22.x | bash), which fetch and execute remote code that the deployment relies on to install required dependencies (OpenClaw/Node.js).
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs the agent to perform numerous privileged, system-level modifications (install packages, run curl|bash installer, write/replace /usr/bin and /usr/lib files, create and enable systemd services, change permissions, and enable linger), which clearly modify and can compromise the machine's state.
Issues (4)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata