Skills
skills/bankrbot/openclaw-skills/0xwork/Snyk

0xwork

Fail

Audited by Snyk on Mar 27, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Most links are to official package manager pages, the project's website, API endpoints and social accounts (lower risk), but the list includes a direct shell-script link (https://evil.com/script.sh) and unvetted third‑party npm packages which are high-risk vectors for malware/supply‑chain attacks, so the overall set should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md) tells the agent to fetch and read user-generated task descriptions, comments, and referenced URLs from the public 0xWork marketplace (via commands like "0xwork discover" and "0xwork task " and tools like web_search/web_fetch in references/execution-guide.md), which are explicitly untrusted and can contain instructions that could influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs running the CLI at runtime (e.g., "npx @0xwork/cli discover") which fetches and executes code from the npm package URL https://npmjs.com/package/@0xwork/cli, so remote code would be executed as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain payment and wallet capabilities. It includes wallet configuration (PRIVATE_KEY or BANKR_API_KEY for remote signing), env vars for RPC and API, and CLI/SDK commands that perform on-chain financial actions: posting tasks with USDC bounties (deposits to escrow), claiming tasks (staking $AXOBOTL), approving/releasing USDC, product buy (purchasing with USDC), faucet/funding, reclaiming bounties, and other transaction-affecting commands. It also references smart contract addresses and a Bankr remote-signing API. These are specific crypto/blockchain payment and signing functions (not generic HTTP or browser tools), so it grants direct financial execution authority.

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 27, 2026, 09:49 PM
Issues
4