memoclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary user/third-party text (e.g., via memoclaw ingest --text, piping files/stdin, and memoclaw migrate ./memory/ as shown in SKILL.md and examples.md) and then uses memoclaw recall/context to assemble LLM-ready context, so untrusted content can be read and materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime HTTPS requests to https://api.memoclaw.com (e.g., /v1/recall and /v1/context) and injects the returned LLM-ready context/memories into agent prompts, so external content from that URL directly controls prompts and is required for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates a crypto wallet for auth and payments. It requires MEMOCLAW_PRIVATE_KEY, uses the wallet address as identity, and the CLI "automatically handles wallet signature auth and falls back to x402 payment" charging USDC on the Base network after the free tier. The docs instruct users to fund the wallet, check USDC balance, and show PAYMENT_REQUIRED (402) behavior. These are specific blockchain wallet/payment operations (signing and on-chain micropayments), so the skill grants direct financial execution capability.