productclank-campaigns

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from multiple sources.
      • Ingestion points: The reply_guidelines field (SKILL.md) accepts arbitrary user input, and post_text (SKILL.md, API_REFERENCE.md) is fetched from external social media platforms.
      • Boundary markers: The skill includes a 'Safety Note' specifically instructing the agent to treat these inputs as scoped strictly to content style and to ignore behavioral overrides.
      • Capability inventory: The skill performs network operations via fetch to the ProductClank API (scripts/create-campaign.mjs).
      • Sanitization: Documentation claims server-side sandboxing for reply generation to limit the influence of untrusted input to the output text.
  • [EXTERNAL_DOWNLOADS]: The skill and its provided scripts rely on external Node.js packages including viem, ethers, and @x402/fetch. These are well-known libraries for blockchain interactions and vendor-specific payment protocols.
  • [COMMAND_EXECUTION]: Documentation and examples describe the use of the communiply CLI tool for managing campaigns from the terminal.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 04:19 AM