upbit-manual-trading

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted chat messages from external messaging platforms to trigger financial transactions.
    • Ingestion points: User chat messages from Telegram, Discord, and WhatsApp (README.md).
    • Boundary markers: No explicit delimiters or boundary markers for untrusted input are defined in the provided configuration files to prevent the AI from obeying instructions embedded in the chat data.
    • Capability inventory: The skill interacts with the Upbit API to perform balance checks, market price lookups, and order execution (buy/sell) (SKILL.md).
    • Sanitization: The documentation mentions safety features such as confirmation requests for trades exceeding 100,000 KRW and configurable daily transaction limits (SKILL.md).
  • [EXTERNAL_DOWNLOADS]: Fetches skill source code and dependencies from a remote repository.
    • The installation instructions guide users to clone the project from the author's GitHub repository: https://github.com/jh941213/openclaw.git.
  • [COMMAND_EXECUTION]: Provides instructions for local command execution during the setup and installation process.
    • Setup steps include executing git clone, pnpm install, and pnpm build to prepare the environment (README.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 04:00 PM