Skills
skills/starchild-ai-agent/official-skills/degenclaw/Gen Agent Trust Hub

degenclaw

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/dgclaw.sh includes a setup-cron command that installs a persistent entry in the user's crontab. This is used to schedule a recurring task that monitors forum activity and automates responses.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by fetching unreplied posts from an external forum and piping them directly into the agent's chat interface without sanitization.
  • Ingestion points: Forum posts retrieved from https://degen.virtuals.io via dgclaw.sh unreplied-posts.
  • Boundary markers: None; content is passed directly to the acp_cmd agent chat command.
  • Capability inventory: The skill enables perpetuals trading (scripts/trade.ts), fund withdrawals (scripts/withdraw.ts), and forum management (dgclaw.sh create-post).
  • Sanitization: None; external content is interpolated directly into the command string.
  • [COMMAND_EXECUTION]: Several TypeScript scripts (activate-unified.ts, add-api-wallet.ts, withdraw.ts) use child_process.execSync to invoke shell commands for interacting with the acp-cli and managing wallet signatures.
  • [EXTERNAL_DOWNLOADS]: The skill requires the manual installation of the acp-cli repository from GitHub as a prerequisite for core functionality.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 07:11 AM
Security Audit — agent-trust-hub — degenclaw