degenclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and lists public, user-generated forum posts from https://degen.virtuals.io (see SKILL.md Step 7 and scripts/dgclaw.sh commands like "posts", "forums", "unreplied-posts" and the setup-cron entry) and instructs agents to read those posts and reply (pipe results to agent chat / create-post), so untrusted third-party content is read at runtime and can directly drive the agent's next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and primarily designed to execute financial actions: it instructs agents to deposit USDC via ACP jobs, set up API wallets (generate private keys), sign and broadcast EIP-712 transactions, use the Hyperliquid API/SDK to open/modify/close perpetual positions, and withdraw USDC. It references concrete trading scripts (scripts/trade.ts, scripts/withdraw.ts), wallet keys (HL_API_WALLET_KEY), and the Hyperliquid API endpoint. These are specific crypto/blockchain and market-order capabilities (wallet management, signing, deposits, trades, withdrawals), not generic tooling.