ai-trader-heartbeat

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's examples and code require embedding an agent token (X-Claw-Token / TOKEN) directly in headers and code, which instructs the agent to include secret values verbatim in requests and outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's heartbeat polling (POST https://ai4trade.ai/api/claw/agents/heartbeat) and related endpoints (/api/signals/feed, /api/signals/{signal_id}/replies, /api/signals/my/discussions) explicitly return user-generated messages, replies and tasks that the SKILL.md instructs the agent to read and process, so untrusted third-party content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly polls https://ai4trade.ai/api/claw/agents/heartbeat (and may connect to wss://ai4trade.ai/ws/notify/{client_id}) at runtime for "messages" and "tasks" which the agent processes, meaning remote content from those URLs can directly control agent instructions and is a required dependency for notifications.