nft

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs fetching and processing NFT metadata (e.g., "Retrieve and display NFT metadata", the GET /api/nft/{tokenId}/metadata endpoint, and examples using token URIs like ipfs://hash), which are public, user-provided resources the agent would read and act on, exposing it to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform blockchain financial operations: it provides commands and API endpoints to mint (create) and transfer NFTs, estimate and set gas, sign transactions with a wallet, and return transaction hashes. Examples: claw nft create --network ethereum --wallet <address> (mints and signs a transaction), claw nft transfer --from <sender> --to <receiver> --tokenId <id> (moves an asset on-chain), and POST /api/nft/create which returns a transactionHash. It also references wallet management, RPC endpoints, and approval handling. These are specific crypto/blockchain execution capabilities (transaction signing and asset transfers), not generic tooling.