ens-primary-name

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The ENS links and example images are legitimate/benign, but the skill instructs installing and executing a wallet-related "bankr" tool from an unvetted GitHub repository (https://github.com/BankrBot/openclaw-skills) and running shell scripts that sign transactions — executing unreviewed code that can access private keys is high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches and parses user-controlled ENS data from public third-party endpoints (notably the Graph subgraph at https://api.thegraph.com/subgraphs/name/ensdomains/ens and public RPC endpoints) and decodes/prints resolver, resolvedAddress, reverse name and avatar URLs as part of its workflow, so untrusted/user-generated content is ingested and interpreted.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly requires transaction signing and submission via a wallet API (the "bankr" skill / Bankr API) and shows concrete examples of calling bankr.sh with a transaction JSON (to, data, value, chainId). It encodes and sends on-chain transactions (across Base/Arbitrum/Optimism/Ethereum) and instructs how to replace the signer with other wallet tooling. This is explicit crypto/blockchain signing/submission capability — i.e., direct ability to execute on-chain transactions — which falls under Direct Financial Execution.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 10:54 AM