configure-notifications

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the agent to collect platform secrets (Discord webhooks, Telegram bot tokens, Slack incoming webhooks, headers/URLs) and then write them directly into config via shell/jq commands (embedding values into generated commands/config), which requires the LLM to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly wires notifications through external, user-facing channels (OpenClaw/clawdbot -> Discord in Step 4b-1) and exposes a reply listener (Step 5: notifications.reply.enabled / OMX_REPLY_DISCORD_USER_IDS) as well as configurable generic webhooks and CLI commands (Step 4a/4b) that accept arbitrary URLs/commands, so it will ingest untrusted, user-generated third-party content (Discord/webhook/command outputs) which can influence agent behavior.