storyclaw-x2c-publish
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to store sensitive API keys in the
credentials/directory, specifically using files named after aUSER_ID. This directory is considered a sensitive path, and accessing files based on user-provided identifiers without explicit validation could lead to path traversal or unauthorized credential access. - [COMMAND_EXECUTION]: All API interactions, including wallet operations like claiming rewards and withdrawing USDC, are performed via
curlsystem commands. Executing shell commands for financial transactions increases the risk of command injection if parameters like addresses or amounts are not properly sanitized. - [DATA_EXFILTRATION]: The
X2C_API_KEYis transmitted to a remote endpoint specified by theX2C_API_BASE_URLenvironment variable. If this variable is pointed to an untrusted domain, sensitive authentication tokens would be exfiltrated to that destination. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8).
- Ingestion points: External data enters the context through video titles, descriptions, and URLs provided during the distribution workflow (
SKILL.md). - Boundary markers: The instructions do not include boundary markers or delimiters to isolate untrusted data from the agent's command instructions.
- Capability inventory: The skill possesses network and command execution capabilities via
curl(SKILL.md). - Sanitization: There is no evidence of sanitization or validation of the ingested strings before they are incorporated into API request payloads.
Audit Metadata