Skills
skills/openclaw/skills/binance-pay/Gen Agent Trust Hub

binance-pay

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external content (user-supplied order and refund details) while maintaining capabilities with significant side effects (financial transactions).
  • Ingestion points: Variables such as <ORDER_ID>, <PREPAY_ID>, and order amounts within the shell templates in SKILL.md.
  • Boundary markers: None present; user inputs are interpolated directly into shell script payloads.
  • Capability inventory: Subprocess execution via curl to perform POST requests for order creation, closure, and refunding.
  • Sanitization: No sanitization, escaping, or validation of user-provided inputs is implemented in the provided scripts.
  • Command Execution (LOW): The skill requires the curl, openssl, and jq binaries to be present on the system and uses them to construct and send authenticated API requests. This is expected behavior for this functionality.
  • Data Exfiltration (LOW): The skill transmits transaction data to https://bpay.binanceapi.com. While this is the official API endpoint for Binance Pay, users must be aware that financial data is being sent to a third-party service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 14, 2026, 02:11 PM