skills/openclawart/skills/openart/Gen Agent Trust Hub

openart

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The skill instructs the agent to send the agent_wallet and moltbook_username to https://openclawart-production.up.railway.app/round/submit. This domain is not on the trusted whitelist. While wallet addresses are public, their use in an automated routine to an unverified endpoint facilitates tracking and potential targeting.
  • Indirect Prompt Injection (MEDIUM): The skill is vulnerable to instructions embedded in external data it processes.
      • Ingestion points: The agent retrieves the lastWinningPrompt from the external API via GET /winners/latest (HEARTBEAT.md).
      • Boundary markers: Absent. There are no instructions to delimit the external content or ignore potential commands within it.
      • Capability inventory: The agent has network capabilities (POST requests) and persistent memory/state tracking.
      • Sanitization: Absent. The agent is explicitly told to "Note the winning prompt" and "Learn from it," which could lead to the agent adopting malicious instructions contained within that prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:27 AM