First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
5
Score
85/100
Findings (5)
Detects dangerous URI schemes or path traversal in resource fields
URL=file:///Implement strict input validation on the MCP tool's parameters. Block tool calls that attempt to modify the agent's system prompt, configuration, or tool definitions.
Likely FP if the match is a tool that legitimately updates configuration (e.g., a settings manager) and mentions prompt editing only for user-facing customization.
Detects execution of shell script files via bash/sh command or direct invocation
sh ~/.openclaw/workspace/skills/nano-banana-pro-openrouter/scripts/generate_image.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
sh ~/.openclaw/workspace/skills/nano-banana-pro-openrouter/scripts/generate_image.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
sh ~/.openclaw/workspace/skills/nano-banana-pro-openrouter/scripts/generate_image.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
sh ~/.openclaw/workspace/skills/nano-banana-pro-openrouter/scripts/generate_image.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.