criticalSkill·

AGS-2026-0027

TEST OpenClaw native xurl skill validation and threat simulation

What Happened

This is a targeted simulation designed to detect the unmodified, built-in xurl skill within the OpenClaw environment. It tests the effectiveness of the local OSS guard scanner using native code signatures rather than artificial test markers.

Who's Affected

Environments where the default OpenClaw xurl skill is installed and active.

Indicators of Compromise (IoCs)

  • Local skill files matching the *xurl* naming pattern.
  • Source code containing standard HTTP request methods (e.g., fetch, axios, or requests) or explicitly defining the xurl name property.

Affected

  • bodyRegex
    (fetch|axios|requests\.get|http\.get|['"]name['"]\s*:\s*['"]xurl['"])
    namePattern
    *xurl*

Self-check

AgentGuard subscribers receive this advisory automatically and their local guard runs the inspection below.

Inspect paths

  • ~/.claude/skills
  • ~/.openclaw/*/skills
  • ~/.openclaw/workspace/skills
  • ~/.hermes/skills

Remediation: quarantine### Remediation Steps 1. **Verify Detection**: Confirm that the OSS guard successfully identifies the native OpenClaw `xurl` skill. 2. **Review Configuration**: Once the test is complete, you may disable this advisory or adjust the regex to target specific vulnerable patterns rather than the baseline skill.

References