neynar
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted user-generated content from the Farcaster network.
- Ingestion points: The script
scripts/neynar.shfetches external content incmd_user,cmd_feed,cmd_search, andcmd_castfunctions. - Boundary markers: No explicit delimiters or instructions are used to warn the agent to ignore embedded commands in the fetched content.
- Capability inventory: The skill possesses write capabilities including posting casts, liking content, and following users.
- Sanitization: While the script uses
jqto extract and format specific fields, the underlying text content is not sanitized for malicious instructions targeting the agent. - [COMMAND_EXECUTION]: The script executes
curlandjqto interact with the Neynar API. It correctly uses shell variable quoting andjq's argument-passing features (such as--arg) to prevent shell injection vulnerabilities when handling user-provided strings. - [DATA_EXFILTRATION]: The skill performs network operations to
api.neynar.com, which is the official endpoint for the Neynar service. It reads API credentials from a local configuration file (~/.clawdbot/skills/neynar/config.json) and sends them to this endpoint for authentication, which is consistent with the primary purpose of the skill. The script uses heredocs and standard input for POST data to avoid exposing sensitive data in process listings.
Audit Metadata