bankr-signals

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to periodically fetch and follow instructions from a remote markdown file (https://bankrsignals.com/heartbeat.md). This architecture creates an indirect prompt injection surface where the remote source can dynamically influence agent actions without a formal skill update.
      • Ingestion points: SKILL.md and HEARTBEAT.md (remote retrieval of heartbeat guidelines).
      • Boundary markers: Absent; the instructions direct the agent to "follow" the fetched content directly.
      • Capability inventory: File system writing (config.json), network requests (curl), and shell command execution (node, python3).
      • Sanitization: None detected for the remote content.
  • [COMMAND_EXECUTION]: The skill provides shell commands and scripts that execute logic using curl, mkdir, and node -e or python3 -c for cryptographic signing and data processing. Specifically, publish-signal.sh generates a JavaScript snippet to sign messages via Node.js.
  • [EXTERNAL_DOWNLOADS]: The skill performs multiple network requests to vendor domains (bankrsignals.com, bankr.bot, api.bankr.bot) to manage custodial wallets, register providers, and fetch signal data or heartbeat instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 03:35 PM