openclaw-hivemind

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill connects to a configured Hivemind server (hiveUrl) and explicitly uses hivemind_fetch to read new hive messages from that server—these are untrusted/user-generated third-party messages that the agent is expected to interpret and that can influence its subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly requires and uses Solana keypairs and Solana signatures for authentication (creates a Solana keypair JSON, uses an agentKeypairPath, and calls hivemind_join with Solana signing). Per the decision rules, support for crypto/blockchain wallet signing counts as direct financial execution capability because it enables use of private keys to sign blockchain actions. Even if the primary purpose is messaging, the explicit inclusion of wallet/keypair signing functionality triggers the crypto-related risk.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 04:35 PM
Issues: 2