cybercentry-openclaw-ai-agent-verification

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly submits configs and polls audit results from the third-party Cybercentry ACP service (acp job create / acp job status and the clawhub.ai/Cybercentry listing referenced in SKILL.md), and those returned JSON fields (risk_level/action_recommended/safe_to_deploy) are read and used directly to allow or block deployments, so untrusted external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly describes and instructs on making payments for the audit service using the ACP marketplace and USDC, including commands that specify a recipient wallet address (acp job create $CYBERCENTRY_WALLET ...) and a declared cost. It also references a "Cybercentry Wallet Verification" skill to validate wallet authenticity. These are concrete, crypto/payment-related operations (sending USDC to a wallet via ACP), not generic tooling. Therefore it contains specific crypto/payment execution capability.