clawhunter-bounties
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.72). Outsider free text can enter the LLM context via the runtime ingestion of bounty fields like reasoning and agentPlan returned by GET /api/v1/bounties/{id} and GET /api/v1/bounties/{id}/report (crowdsourced venue content triaged into plain English), which originates from third-party bounty creators/venues the operating user didn’t author.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching live specs from https://clawhunter.fun/llms.txt (and related https://clawhunter.fun APIs) at runtime, and those API responses (agentPlan and createWith entries) directly supply the step-by-step agent instructions and pre-filled tool calls that control prompts and execution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly requires and integrates crypto payments: paid endpoints are "pay-per-call in USDC on Solana or Base via x402", return HTTP 402 with payment requirements, and an "x402-capable client pays and retries automatically." This is a specific crypto payment execution flow (blockchain settlement) rather than a generic mention of money, so it provides direct financial execution capability.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata