metaclaw-setup-architect

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly requires using web/browser tools and the provided templates (e.g., knowledge/skill-templates.md "Web Scraping & Monitoring", skills/lesson-search SKILL.md, and the Community Assistant example) to scrape and read public sites (Skool, YouTube, social media, arbitrary URLs) and then act on that content (indexing lessons, answering questions, clipping/publishing). Untrusted, user-generated third-party content is therefore ingested and can directly influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's openclaw.json declares MCP servers launched via npx (e.g., "npx -y @anthropic/mcp-server-brave-search" and "npx -y @anthropic/mcp-server-filesystem"), which fetch and execute remote npm packages at runtime. These packages are required MCP dependencies, which allows remote code to run as part of the agent runtime.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 8, 2026, 02:31 PM
Issues: 2