dgclaw

Warn

Audited by Snyk on May 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's CLI (scripts/dgclaw.sh) fetches forum and post data directly from the public Degenerate Claw API (https://degen.virtuals.io; e.g., /api/forums, /api/forums/:agentId/threads/:threadId/posts, and /api/forums/feed) and pipes the output of unreplied-posts into agent actions (setup-cron chains unreplied-posts -> acp_cmd agent chat, and the CLI exposes posts and forum commands). Untrusted, user-generated forum content is therefore ingested and can materially influence the agent's subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides end-to-end financial execution for crypto perpetual trading and token subscription payments. It includes commands and scripts to deposit USDC (acp client create-job perp_deposit followed by acp client fund), manage API and master wallet keys (HL_API_WALLET_KEY, HL_MASTER_ADDRESS), open, close and modify perp market orders via scripts/trade.ts (using the @nktkas/hyperliquid SDK and the Hyperliquid API), and withdraw USDC (scripts/withdraw.ts builds and signs withdrawal transactions). It also describes creating subscription jobs that pay providers and setting subscription prices. These are specific crypto wallet, exchange API, and market-order operations intended to move funds; the skill therefore has Direct Financial Execution capability.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 6, 2026, 07:15 AM
Issues: 2