skill-claw
Fail
Audited by Snyk on Mar 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The presence of a direct installer script (https://openclaw.ai/install.sh) and a GitHub repo of unclear provenance combined with explicit curl|bash install instructions and references to cloud metadata (169.254.169.254) and a local gateway port (127.0.0.1:18789) makes this set moderately to highly risky—direct .sh execution from a custom domain and any GitHub repo of unknown trustworthiness are common malware delivery vectors and the metadata/loopback endpoints can be abused for credential theft or SSRF.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md installation/workflow explicitly instructs fetching and executing code from public sites (e.g., "curl -fsSL https://openclaw.ai/install.sh | bash" and "git clone https://github.com/openclaw/openclaw.git" in Phase 3 Installation Workflows), so the agent will ingest and act on third‑party web content that could materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains installer commands that fetch and execute remote code at runtime—specifically "curl -fsSL https://openclaw.ai/install.sh | bash" and "git clone https://github.com/openclaw/openclaw.git && cd openclaw && ./docker-setup.sh"—so external content would be executed and directly control the agent's install/runtime behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to perform system-level administration (install/uninstall daemons, create/modify LXC/Proxmox containers, enable systemd lingering, run installers, modify network/Tailscale and bind mounts) — all actions that require privileged access and can change or compromise the host state.
Issues (4)
E005 CRITICAL: Suspicious download URL detected in skill instructions.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W013 MEDIUM: Attempt to modify system services in skill instructions.