wallet-verification

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious: this points to a third‑party GitHub repository offering a CLI (executable) from an unverified/likely low‑profile account — GitHub-hosted binaries or install instructions from unknown authors are high‑risk unless you verify activity, releases, signatures, and community trust.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires using the ACP CLI (install from https://github.com/Virtual-Protocol/openclaw-acp) to run "acp browse" and "acp job create" which fetches forensics results and traces across public EVM chains and provider job outputs (untrusted, user-generated blockchain and provider content) that the agent must read and use to make risk/automation decisions.