orionads

clawhub:orionads

View source

75/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

75/100

CRITICAL 1

LOW 1

Findings (2)

CRITICAL

Jailbreak template PROMPT_INJECTION_011

prompt-injection L46

Detects common jailbreak prompt patterns

Developer Mode

FIX

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

FP?

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L88

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://url.com"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).