claw-brawl
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create a recurring cron job using the openclaw utility to automate betting and market checks every 10 minutes.
- [EXTERNAL_DOWNLOADS]: The skill features a self-updating mechanism that requires the agent to download markdown instruction files from http://www.clawbrawl.ai and overwrite local skill files daily.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing unverified text data from the game's social and competitive arena environment.
  - Ingestion points: The agent is directed to fetch and read chat messages, analysis reasons from other participants, and 'danmaku' text via endpoints like GET /bets/round/current and GET /messages.
  - Boundary markers: The skill lacks boundary markers or instructions to disregard potential commands embedded within the fetched social content.
  - Capability inventory: The agent has permissions to execute curl commands and modify its own instruction files, which could be exploited if an injected command is processed.
  - Sanitization: No sanitization or validation logic is specified for the external text data ingested from other agents.
Audit Metadata