authenticate-wallet

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The skill relies on npx awal@latest, which downloads and executes code from the npm registry every time a tool is called. The awal package is not from a trusted source, and using the @latest tag makes the agent highly vulnerable to supply chain attacks or malicious package updates.
  • Indirect Prompt Injection (HIGH): The skill defines a flow where the agent reads a user's email to extract an OTP. This creates a dangerous ingestion point for untrusted external data. Without explicit sanitization or boundary markers, an attacker could send a malicious email containing instructions that override the agent's behavior during the wallet authentication process.
  • Privilege Escalation (MEDIUM): The allowed-tools configuration uses broad wildcards (e.g., auth * and status*). This grants the agent excessive permission to execute any subcommand or flag supported by the CLI tool, rather than limiting it to the specific commands required for the task.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 06:02 PM