fuel
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve and use "stored credentials" or credit card information to complete automated payments through a Stripe checkout URL.
- [PROMPT_INJECTION]: The agent is commanded to append persistent operational rules to its own system prompt (e.g., SOUL.md), including automated error handling that triggers financial transactions.
- [DATA_EXFILTRATION]: The skill requires the agent to send session identifiers and potentially user email addresses to https://openclaw.rocks/api/fuel/agent-checkout to generate payment links.
- [COMMAND_EXECUTION]: The skill involves the execution of multiple network requests (POST/GET) to non-whitelisted domains and the use of browser tools to automate interactions with external web forms.
Recommendations
- AI detected serious security threats
Audit Metadata