coding-agent

Fail

Audited by Snyk on May 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill deliberately instructs operators to bypass agent sandboxes and permission checks (e.g., --permission-mode bypassPermissions, --yolo, --full-auto, an "elevated" host option), mandates injecting direct outbound notification routes into worker prompts and requires workers to call openclaw message send, and encourages background execution and autonomous commit/push — together these patterns enable easy data exfiltration, remote code execution, and supply-chain or backdoor abuse, so the content is high-risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's "Reviewing PRs" and "Batch PR Reviews" instructions explicitly fetch and operate on arbitrary public GitHub repositories/PR refs (e.g., "git clone https://github.com/user/repo.git" and "git fetch origin '+refs/pull//head:refs/remotes/origin/pr/'"), so the agent will ingest untrusted, user-generated third‑party code/pages and act on them, enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs using sandbox-bypassing flags (--permission-mode bypassPermissions, --yolo/no-sandbox, and an "elevated" host option) and runs background agents on the host, which encourages bypassing security controls and enabling arbitrary host-state modifications.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 18, 2026, 02:11 AM
Issues
3
Security Audit — snyk — coding-agent