skill-claw

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Three of the links are environment/management endpoints (127.0.0.1 local gateway, 169.254.169.254 OCI metadata) and one is a GitHub repo (generally lower risk). However, the skill instructs users to run a direct install shell URL (https://openclaw.ai/install.sh) through curl|bash, which makes this bundle potentially dangerous unless you verify the domain, inspect the script, check the GitHub repo history/signatures and confirm the installer’s integrity. Treat as moderately high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and acts on third-party content. SKILL.md/README and docs instruct fetching external install scripts and repos (curl https://openclaw.ai/install.sh, git clone https://github.com/…); the persona lists WebSearch/WebFetch/Read tools; and the skill config and docs integrate public, user-generated messaging channels (Slack, Telegram, WhatsApp, Discord, Signal) and gogcli Google Docs/Sheets, which the agent is expected to read and which can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly instructs at runtime to fetch and execute remote installer scripts (for example: curl -fsSL https://openclaw.ai/install.sh | bash), which will execute remote code and is presented as the recommended/required install/update path.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs installing system daemons (curl | bash installer), managing systemd/launchd services, firewall, Proxmox LXC configs (TUN devices), and other host-level changes that require elevated privileges and can modify/compromise the machine state.

Issues (4)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 10, 2026, 03:48 AM
Issues: 4