solidity-code-verification
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install a command-line tool from an external GitHub repository (github.com/Virtual-Protocol/openclaw-acp) which is not a verified vendor.
- [COMMAND_EXECUTION]: The defined workflow requires the agent to execute several shell commands, including 'acp setup', 'acp browse', and 'acp job create', to interact with the Cybercentry ACP platform.
- [DATA_EXFILTRATION]: The skill is designed to transmit user-provided Solidity source code to an external decentralized provider for analysis; while this is the intended function, it involves sending potentially sensitive logic to a third party.
- [PROMPT_INJECTION]: The skill processes arbitrary Solidity code, which creates an indirect prompt injection surface. Evidence: the ingestion point is the 'solidity_code' parameter in SKILL.md; there are no boundary markers or sanitization logic to distinguish code from embedded instructions; and the agent is equipped with capabilities to execute shell commands based on input.
- [NO_CODE]: This skill contains no executable scripts or code files and relies entirely on natural language instructions for the agent to install and use external tools.