openclaw-medical-skills

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The list mixes standard GitHub repositories and documentation with several lesser‑known GitHub accounts and non-official domains (e.g., clawhub.com, openclawmp.cc, skillsmp.com, llmbase.ai) and includes install/clone instructions — there are no direct .exe/zip downloads, but the presence of unknown repos, custom domains and guidance to clone/copy code into local runtimes makes these sources moderately suspicious for distributing malicious code if not verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). 该技能的运行时工作流会调用“浏览器/搜索/深度研究”等外部检索能力(如 agent-browser、multi-search-engine、deep-research、pubmed-search、medical-research-toolkit 等),从公共网页/数据库抓取的页面正文会以可读文本形式进入 LLM 上下文,属于“公共 web 内容/外部来源文本”路径。

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 19, 2026, 11:37 PM
Issues
2
Security Audit — snyk — openclaw-medical-skills