openclaw-medical-skills
Fail
Audited by Snyk on Jun 19, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The list mixes standard GitHub repositories and documentation with several lesser‑known GitHub accounts and non-official domains (e.g., clawhub.com, openclawmp.cc, skillsmp.com, llmbase.ai) and includes install/clone instructions — there are no direct .exe/zip downloads, but the presence of unknown repos, custom domains and guidance to clone/copy code into local runtimes makes these sources moderately suspicious for distributing malicious code if not verified.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). 该技能的运行时工作流会调用“浏览器/搜索/深度研究”等外部检索能力(如 agent-browser、multi-search-engine、deep-research、pubmed-search、medical-research-toolkit 等),从公共网页/数据库抓取的页面正文会以可读文本形式进入 LLM 上下文,属于“公共 web 内容/外部来源文本”路径。
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata