openclaw-secure-linux-cloud
Warn
Audited by Snyk on Apr 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's Debian/Ubuntu install steps explicitly run "sudo git clone https://github.com/openclaw/openclaw.git" and then execute bundled scripts (e.g., ./setup-podman.sh, ./scripts/run-openclaw-podman.sh), so the GitHub URL https://github.com/openclaw/openclaw.git is fetched at runtime and its code is executed as a required dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill directs the agent to perform server-side hardening tasks (package updates, firewall rules, service setup/restarts, SSH lockdown and config changes) that inherently modify system files and require privileged actions on the host, even though it frames them as remote-host guidance rather than local-only actions.
Issues (2)
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUM: Attempt to modify system services in skill instructions.