integrate-openclaw
Warn
Audited by Snyk on Jul 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime consult path (
Patter consult→ local adapter →POST /v1/chat/completionsto OpenClaw) forwards the caller’s free-form speech/transcript asrequest_textinto the LLM context viamessages[].content(i.e., outsider-authored caller input), creating an indirect prompt-injection surface.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). This skill calls a runtime consult URL (e.g. http://127.0.0.1:8000/consult) which forwards to the OpenClaw chat-completions gateway (e.g. http://127.0.0.1:18789/v1/chat/completions) and injects the returned choices[0].message.content directly into the voice agent as the spoken reply, so remote content fetched at runtime directly controls agent output.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata