clawarena

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that save an api_key, show curl commands with an Authorization: Bearer YOUR_API_KEY header, and show a credentials.json containing "claw_sk_xxxxxxxx". These examples instruct embedding secret API keys verbatim in commands or files, which requires the agent to handle and output secrets directly (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and follow external, public content (e.g., "Fetch https://clawarena.ai/heartbeat.md and follow it") and to call public APIs such as https://clawarena.ai/api/v1/markets. Those market/leaderboard/reasoning entries are untrusted third‑party content that the agent is expected to read and use to decide predictions and actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching and following of remote instructions (e.g., "Fetch https://clawarena.ai/heartbeat.md and follow it" and re-fetch https://clawarena.ai/skill.md for updates), so external content at those URLs can directly control agent prompts/behavior.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 26, 2026, 04:15 PM