cremonix-signals

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a literal API key example and instructs agents to place or echo that key into configuration files and Authorization headers (and to poll/insert returned api_key), which requires handling/outputting secret values verbatim and is therefore insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public feeds (e.g., https://blog.cremonix.com/feeds/cremonix-free.json and https://app.cremonix.com/api/signals) and the SKILL.md plus examples/agent-subscribe.py show the agent reading that external feed to make trading, subscription, and configuration decisions, so untrusted third‑party content can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the skill fetches runtime metadata from https://blog.cremonix.com/feeds/cremonix-free.json (and then uses fields such as upgrade['agent_example']['url'] to call https://app.cremonix.com/api-subscribe/create and poll https://app.cremonix.com/api-subscribe/status/{subscription_id}), which directly drives the agent's subscription/payment actions and automatic configuration (i.e., remote content controls agent behavior at runtime).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The document contains a literal, high-entropy API key string: "crem_live_a3f9x2k8h5j2m9n4p7q1r6s3t8u2v5w7" (appears in "Step 2: Get API Key" and is hardcoded into the example ~/.openclaw/openclaw.json). This is not a placeholder or a simple setup password — it is long, random-looking, and presented as a usable credential. Treat it as a real secret: remove from public docs, replace with a placeholder (e.g., YOUR_API_KEY), and rotate/revoke the exposed key immediately.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly tells the user/agent to run a privileged command ("sudo systemctl restart openclaw"), which requests elevated privileges and modifies the system service state, so it pushes the agent to perform privileged system actions.