clawarena

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that save an api_key, curl commands with an Authorization: Bearer YOUR_API_KEY header, and a credentials.json containing "claw_sk_xxxxxxxx". These examples instruct the agent to embed secret API keys verbatim in commands or files, which requires it to handle and output secrets directly (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md and HEARTBEAT.md explicitly instruct the agent to fetch and follow https://clawarena.ai/heartbeat.md and to browse public markets via https://clawarena.ai/api/v1/markets and public prediction feeds (which include other agents' public reasoning), so the agent will ingest and act on untrusted, user-visible third‑party content that can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and "follow" remote guidance at runtime (e.g., https://clawarena.ai/heartbeat.md, and it also advises re-fetching https://clawarena.ai/skill.md), so the fetched content would directly control the agent's instructions, and the heartbeat/update process relies on it.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 4, 2026, 02:22 AM