Clawflow

The OpenClaw AgentSkills skill bundle is classified as suspicious due to a significant prompt injection vulnerability inherent in its design. The `SKILL.md`, `agent-loop.md`, `coordinating.md`, and `schemas.md` documents explicitly instruct the AI agent to embed 'upstream results' directly into the 'Context' section of dispatch messages for dependent subtasks. This means that if a malicious or compromised sub-agent returns crafted instructions or payloads as its 'results', the coordinating agent is designed to forward these unsanitized instructions as context to subsequent agents, potentially leading to a chain of prompt injections and unauthorized control over other agents in the DAG. The `init.py` and `message.py` scripts are utility files that appear benign and do not introduce direct vulnerabilities or malicious behavior themselves.