smartclaws-producer
Warn
Audited by Snyk on Apr 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "look up the sensor's pairing / reading instructions" and to download the smartclaws binary from a public GitHub releases URL, forcing the agent to fetch and interpret public third-party documentation/releases that can change library/command choices and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The installation step downloads and installs a remote executable at runtime from https://github.com/skalenetwork/smartclaws/releases/latest/download/smartclaws-${PLATFORM}, which the skill requires and will then execute as its CLI, so this is a high-confidence remote code-execution dependency. Because the URL points at `releases/latest` rather than a fixed tag, the bytes fetched can change between runs without any change to the skill itself, and the instructions pin no checksum or signature against which the download could be checked.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly creates and uses blockchain wallets and performs on-chain transactions. It instructs running "smartclaws init" which initializes a wallet, checks and requires funding the wallet with sFUEL, and uses commands like "smartclaws register" and "smartclaws publish" that produce transactions (Tx IDs) and rely on the CLI to handle wallet signing and on‑chain submission. These are direct crypto/blockchain financial actions (wallet management, funding, signing, and submitting transactions), which meet the criteria for Direct Financial Execution.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs installing the binary into /usr/local/bin (which usually requires root), includes an explicit sudo setcap command (granting the binary Linux capabilities that persist on the file rather than for one session), and uses systemctl enable to run it as a persistent service that starts on every boot. These actions require or encourage elevated privileges and leave lasting changes to the host's state.
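The W012 and W013 findings above both stem from fetching an unpinned binary and installing it with elevated privileges. The POSIX shell script below is an added example written for this page, not code from the smartclaws project or from the audit, showing the check a practitioner would put in front of such an install: pin a release tag instead of `latest`, compare the download's SHA-256 against a digest recorded in version control, and only then install it. The tag `v0.0.0`, the platform suffix, the `releases/download/<tag>/` URL shape and the `fetch_verified` helper name are assumptions; the offline demo uses a constructed stand-in file rather than a real download.

```shell
#!/bin/sh
# Added example, not part of the smartclaws project or the Snyk audit.
# Verify a release artifact against a pinned digest before it is ever executed.

SMARTCLAWS_TAG="v0.0.0"                 # assumed: a reviewed tag, never /releases/latest
PLATFORM="linux-amd64"                  # assumed platform suffix
# Assumed URL shape for a tagged GitHub release asset (the page only shows the /latest form).
RELEASE_URL="https://github.com/skalenetwork/smartclaws/releases/download/${SMARTCLAWS_TAG}/smartclaws-${PLATFORM}"

# sha256_of FILE: print the hex SHA-256, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_artifact FILE EXPECTED: exit 0 if FILE's digest equals EXPECTED, 1 otherwise.
# The file is only read, never executed.
verify_artifact() {
  [ -f "$1" ] || return 1
  [ "$(sha256_of "$1")" = "$2" ]
}

# fetch_verified URL EXPECTED DEST: download to a temp file, verify, then install into a
# user-owned DEST (e.g. ~/.local/bin) so no root and no /usr/local/bin write is needed.
# Hypothetical helper; not invoked by the offline demo below.
fetch_verified() {
  url="$1"; expected="$2"; dest="$3"
  tmp=$(mktemp) || return 1
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
  if verify_artifact "$tmp" "$expected"; then
    install -m 0755 "$tmp" "$dest" && rm -f "$tmp"
  else
    echo "digest mismatch for $url; refusing to install" >&2
    rm -f "$tmp"
    return 1
  fi
}

# Offline demo with a constructed stand-in for the downloaded binary.
DEMO_DIR=$(mktemp -d)
GOOD_FILE="$DEMO_DIR/smartclaws-$PLATFORM"
BAD_FILE="$DEMO_DIR/smartclaws-$PLATFORM.tampered"
printf 'constructed stand-in for the release binary\n' > "$GOOD_FILE"
DEMO_SHA256=$(sha256_of "$GOOD_FILE")   # stands in for the digest recorded at review time
cp "$GOOD_FILE" "$BAD_FILE"
printf 'extra bytes an attacker slipped into a moving "latest" asset\n' >> "$BAD_FILE"

if verify_artifact "$GOOD_FILE" "$DEMO_SHA256"; then
  echo "pinned artifact: digest matches, safe to install"
fi
if ! verify_artifact "$BAD_FILE" "$DEMO_SHA256"; then
  echo "modified artifact: digest mismatch, not installed"
fi
```

The pinned digest belongs next to the tag in the skill's own repository, so that changing either one is a reviewable diff rather than something that silently happens on the remote side. Installing into a user-owned directory also removes the need for the sudo step the audit flags under W013; setcap and systemctl enable remain separate decisions that the user, not the agent, should make.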
Issues (4)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata