openclaw-ref
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly documents ingesting arbitrary public/user-generated content — e.g., channel plugins that download and process Telegram/Discord/Slack messages and media (references/channels-extensions.md) and web/search/fetch tools such as "openclaw infer web fetch" and the SearXNG provider (references/cli-commands.md and extensions/searxng in references/channels-extensions.md) — which the agent is expected to read and act on, so untrusted third-party content can materially influence tool use and behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime npm installs (e.g., "npm install --omit=dev --no-save --package-lock=false --ignore-scripts --legacy-peer-deps") to auto-install LanceDB and bundled plugin deps from the npm registry (https://registry.npmjs.org/), which fetches and installs remote code at runtime and therefore executes external code required by the skill.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata