openclaw-ref

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly documents ingesting arbitrary public/user-generated content — e.g., channel plugins that download and process Telegram/Discord/Slack messages and media (references/channels-extensions.md) and web/search/fetch tools such as "openclaw infer web fetch" and the SearXNG provider (references/cli-commands.md and extensions/searxng in references/channels-extensions.md) — which the agent is expected to read and act on, so untrusted third-party content can materially influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime npm installs (e.g., "npm install --omit=dev --no-save --package-lock=false --ignore-scripts --legacy-peer-deps") to auto-install LanceDB and bundled plugin deps from the npm registry (https://registry.npmjs.org/), which fetches and installs remote code at runtime and therefore executes external code required by the skill.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 05:45 PM
Issues
2
Security Audit — snyk — openclaw-ref