clawpump

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill consumes and exposes user-generated, public token metadata and social fields (e.g., name, description, imageUrl, twitter/telegram/moltbook) returned by endpoints like GET /api/tokens, GET /api/tokens/{mintAddress}, the /api/launch and /api/upload flow, and Moltbook endpoints, so the agent will read untrusted third-party content that could carry indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes cryptocurrency-related APIs and transaction-building endpoints that enable moving funds and executing on-chain actions. Examples:
• POST /api/launch and /api/launch/self-funded: launches tokens on Solana and (self-funded) requires sending 0.03 SOL to a platform wallet and providing the transfer signature — direct on-chain payment.
• POST /api/swap: builds a serialized swap transaction ("swapTransaction") intended to be signed by the user's wallet and submitted to Solana (includes sample code to sign and send).
• Arbitrage endpoints (e.g., /api/agents/arbitrage) return ready-to-sign transaction bundles for executing cross-DEX arbitrage.
• PUT /api/fees/wallet requires ed25519 signature to change payout wallet; earnings are paid in SOL to a wallet address (GET /api/fees/earnings). These are specific crypto/blockchain wallet and transaction operations (building/sending transactions, signing, transferring SOL), which constitute direct financial execution capability.