claw-x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls the public OmniAPI endpoint (https://omniapi-production-7de2.up.railway.app) to fetch Twitter and Instagram data (e.g., /user-tweets, /instagram/posts) as part of its required workflow, which returns untrusted, user-generated content that the agent would read and could use to influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx awal@latest" at runtime, which fetches and executes remote code from the npm registry (e.g., https://registry.npmjs.org/awal), making it a required external dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates a crypto payment flow: it requires a USDC-funded wallet, shows commands to authenticate the wallet, check balance/address, and uses the x402 protocol via "npx awal@latest x402 pay" to pay per-request. Those are concrete wallet/payment operations (sending USDC, funding the wallet, checking balance/address) — not generic HTTP or browser automation. Because it provides direct ability to sign/pay with crypto on behalf of the agent, it constitutes direct financial execution capability.