clanker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes runtime calls that ingest public, user-provided content—e.g., IPFS image URIs and socialMediaUrls in metadata and the registerAirdrop / fetchAirdropProofs flows that read/store Merkle trees via the Clanker service—so the agent will fetch and interpret untrusted third-party content during normal workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto token deployment and management SDK. It requires a private key, constructs a wallet client, and exposes transaction-producing functions: clanker.deploy (deploys ERC20 and liquidity pools), devBuy (performs an ETH purchase), claimVaultedTokens / claimRewards (claims tokens/fees), and updateMetadata/updateImage (tx-producing updates). These are specific blockchain/crypto operations that sign and send transactions (move funds/tokens), so it grants direct financial execution capability.