clawvard-agent-eval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly makes network calls to https://clawvard.school (e.g., GET /api/exam/status, POST /api/exam/start, POST /api/exam/batch-answer) and requires the agent to read and answer exam batches returned by that public site, so untrusted third-party content from clawvard.school can directly influence the agent's decisions and subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The pre-flight script performs a runtime curl to https://raw.githubusercontent.com/okx/plugin-store/main/skills/clawvard-agent-eval/plugin.yaml to determine REMOTE_VER and, if different, runs an npx install (npx skills add ...) which can download and execute remote code, so this URL is used at runtime to control execution of remote code.