skills/openclaw/skills/hustle/Gen Agent Trust Hub

hustle

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Persistence (HIGH): The skill provides explicit instructions to modify the system crontab (*/30 * * * * ~/.openclaw/cron/hustle-automation.sh), establishing a permanent execution point on the host machine that survives reboots and user sessions.
  • Credentials Unsafe (HIGH): The hustle_vault tool and account-setup-guide.md facilitate the systematic collection and retrieval of highly sensitive data, including API keys for marketplace platforms (Odealo), session tokens for game accounts, and payment information for PayPal and crypto wallets.
  • Command Execution (HIGH): Multiple tools and workflows execute shell commands and Python scripts using absolute, user-specific paths (/Users/lowkey/Desktop/...). This environment-specific coupling and execution of local binaries can be exploited to run malicious local scripts or escalate privileges if the directory permissions are not strictly managed.
  • Indirect Prompt Injection (HIGH):
      • Ingestion points: The skill ingests data from external sources such as "market intelligence" feeds, price intel from Discord channels (e.g., Once Human trading), and web-based marketplaces.
      • Boundary markers: There are no markers or instructions provided to the agent to distinguish between its operational logic and the untrusted content it processes.
      • Capability inventory: The skill possesses significant capabilities, including reading/writing to a credential vault, system process monitoring (ps aux), and scheduled script execution.
      • Sanitization: No validation or sanitization of external data is performed, allowing an attacker to inject instructions via market listings or Discord messages that could manipulate the agent into leaking vault contents or performing fraudulent payouts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 06:02 PM