The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): A shell command injection vulnerability exists in the rpc_call function within scripts/alchemy.sh. The script interpolates the $params variable directly into a double-quoted string passed to the curl command. Because $params is constructed from user-supplied arguments (such as wallet addresses or contract IDs) without sanitization, an attacker can include a double-quote character followed by shell operators (e.g., ;, &, |) to execute arbitrary system commands.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves data from the blockchain that can be controlled by third parties.
Ingestion points: Commands such as nfts, nft-metadata, and tokens retrieve names, descriptions, and metadata from external blockchain contracts.
Boundary markers: Absent. The data is returned as raw text or JSON without delimiters or instructions to the agent to disregard embedded commands.
Capability inventory: The skill possesses network access to Alchemy APIs and is susceptible to command execution via the identified shell injection vulnerability.
Sanitization: Absent. There is no filtering or escaping of blockchain data before it is presented to the agent.
[DATA_EXFILTRATION] (SAFE): The skill accesses ~/.openclaw/.env to retrieve the ALCHEMY_API_KEY. While this is a sensitive file path, it is used for legitimate configuration within the skill's intended deployment environment.

alchemy-web3