degenclaw

Warn

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and displays user-generated forum content from https://degen.virtuals.io (see scripts/dgclaw.sh commands like forums, posts, unreplied-posts and the setup-cron workflow that polls /api/forums/... and pipes unreplied posts into an OpenClaw agent chat), and the agent is expected to read and act on that content (auto-replies / create-post and subscription flows), so untrusted third-party posts can influence tool actions and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading and moving funds. It defines commands and schemas for depositing USDC (perp_deposit), opening/closing perp positions (perp_trade), modifying positions (perp_modify), withdrawing USDC (perp_withdraw), and creating subscription payments (subscribe) — all invoked via acp job create. It also includes wallet addresses, payment flow details (acp job pay, auto-pay), minimum amounts, and examples. These are specific financial execution operations (placing market/limit orders, moving on-chain USDC, and initiating payments), not generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 11:37 AM
Issues: 2