clawlogic-trader
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill frequently uses
npx @clawlogic/sdk@latestwithin its documentation and setup instructions. This practice fetches the most recent version of the SDK from the NPM registry at runtime, representing an unversioned external dependency that could change behavior without notice. - [COMMAND_EXECUTION]: The skill's architecture relies on shell scripts (
scripts/*.sh) that execute TypeScript helpers vianpx tsx. This pattern involves executing code from the local filesystem and managing environment variables likeAGENT_PRIVATE_KEYfor transaction signing. - [DATA_EXFILTRATION]: The
scripts/helpers/post-broadcast.tsutility performs network POST operations to a destination defined by theAGENT_BROADCAST_URLenvironment variable (defaulting to a local endpoint). This constitutes a network egress point that could be redirected to an external server to transmit agent rationale or metadata. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by ingesting untrusted data from the blockchain.
- Ingestion points: The
scripts/helpers/analyze-market.tsscript fetches marketdescription,outcome1, andoutcome2labels from the CLAWLOGIC smart contracts. - Boundary markers: No boundary markers or 'ignore' instructions are used when passing these strings into the agent's reasoning context.
- Capability inventory: The agent has the capability to execute financial transactions on-chain (buy, mint, assert) and perform external network requests (broadcast).
- Sanitization: There is no evidence of sanitization or validation of the market description string, allowing an attacker who creates a market to potentially influence the agent's trading logic.
Audit Metadata