skill-guard w Snyk Agent Scan

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.prompt_injection_instructions

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The documentation includes attack-like wording, but it is used as an example of what the scanner looks for.

Why it was flagged

The skill discusses prompt-injection text as a threat example. This explains the static prompt-injection signal and appears aligned with the skill’s scanner purpose.

Skill content
Skills can contain: - 🎭 **Prompt injections** — hidden "ignore previous instructions" attacks

Recommendation

Do not treat the example phrase as an instruction; review scanner results and the skill source normally.

What this means

Running the wrapper depends on the current external snyk-agent-scan package, which may update independently of this skill.

Why it was flagged

The security scanner is executed from an unpinned latest package, so the code run during scans can change over time.

Skill content
SCANNER_CMD=(uvx snyk-agent-scan@latest)

Recommendation

Prefer a pinned scanner version or verify the scanner package before use, especially in sensitive environments.

What this means

The wrapper can change the agent’s installed skills, which is expected but high-impact if used on the wrong slug or with a bad scan result.

Why it was flagged

After a clean scan, the script installs the staged skill into the user’s persistent OpenClaw skills directory.

Skill content
mv "$staged_path" "$SKILLS_DIR/"

Recommendation

Use it only with intended skill slugs, review warnings, and avoid --skip-scan unless you accept the risk.

What this means

The scanner runs with access to the SNYK_TOKEN environment variable and the staged skill content.

Why it was flagged

The script expects a Snyk token in the environment so the external scanner can authenticate.

Skill content
SNYK_TOKEN       Required by snyk-agent-scan for authenticated scanning

Recommendation

Use a Snyk token with the minimum necessary permissions and avoid running the wrapper in shells containing unrelated sensitive environment variables.

Findings (1)

warn

suspicious.prompt_injection_instructions

Location
SKILL.md:22
Finding
Prompt-injection style instruction pattern detected.