starknet-anonymous-wallet

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [PERSISTENCE_MECHANISMS]: The script scripts/watch-events-smart.js installs cron jobs to monitor blockchain events. It writes shell scripts into ~/.openclaw/cron/ and rewrites the user's crontab through system commands. Cron entries survive reboots and are not tied to the skill's lifetime, so they remain active until the crontab is cleaned up.
  • [DYNAMIC_EXECUTION]: The skill generates shell scripts (.sh) and JSON configuration files at runtime and executes the generated scripts. This is what keeps event monitoring running across system restarts.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Through scripts/_keys.js the skill reads private key files under ~/.openclaw/secrets/starknet/. This access is central to its wallet-management purpose and the loader includes path-traversal protections, but any code path that handles these files is a sensitive-data exposure surface.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interprets and acts on untrusted input: contract ABIs fetched from the chain and user-supplied prompts.
    • Ingestion points: User instructions and chain-sourced contract ABIs are processed in scripts/parse-smart.js and scripts/read-smart.js.
    • Boundary markers: The validatePromptSecurity function in scripts/parse-smart.js applies regex-based filtering and the vard library to detect malicious intent. Pattern-based filters are a heuristic rather than a trust boundary; they reduce, but do not rule out, injected instructions reaching the action layer.
    • Capability inventory: The agent can sign transactions, read local files, and modify the system crontab.
    • Sanitization: Administrative entry points such as upgrade and set_owner are on a denylist in scripts/resolve-smart.js and are blocked unless the user explicitly confirms the call.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 11, 2026, 02:24 PM