Pet Me Master - Autonomous Aavegotchi Petting

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mostly aligned with autonomous Aavegotchi petting, but it can run indefinitely, submit Bankr wallet transactions after silence, and sometimes expands a specific pet request into petting all discovered gotchis.

Treat this as a powerful automation skill, not a simple reminder. Before installing, confirm you want unattended Bankr transaction submission, use dry-run/status commands first, configure only a wallet and Telegram chat you control, and make sure you know how to stop any background jobs or cron/at schedules it creates.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

58/58 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI01: Agent Goal Hijack
Medium
What this means

If you ask to pet one gotchi, the skill may pet every ready gotchi it discovers instead.

Why it was flagged

The script explicitly ignores a specific gotchi ID and turns the action into batch petting for all discovered gotchis, which can override a narrower user request.

Skill content
Usage: $(basename "$0") [--dry-run] [ignored-gotchi-id]

Batch-only mode: always routes to pet-all.sh ... echo "Note: single gotchi argument ignored; batch mode always pets all discovered gotchis."
Recommendation

Only use batch commands intentionally; the publisher should honor specific IDs or require an explicit confirmation before expanding to all gotchis.

ASI02: Tool Misuse and Exploitation
Medium
What this means

The skill can submit blockchain transactions from your Bankr-connected wallet while you are away.

Why it was flagged

The script schedules a mutating Bankr-backed pet transaction after a delay if there is no user response, rather than requiring a fresh approval at execution time.

Skill content
Reply with 'pet my gotchis' and I'll batch-pet all. If you don't reply, I'll auto-pet in ${FALLBACK_HOURS} hour(s). ... (sleep "$FALLBACK_SECONDS" && bash "$SCRIPT_DIR/auto-pet-fallback.sh" ... ) &
Recommendation

Enable fallback only if you want unattended transactions, and prefer a workflow with explicit approval or a clear cancellation command.

ASI03: Identity and Privilege Abuse
Medium
What this means

Installing and using the skill gives it access to a credential capable of submitting Bankr transactions for the configured wallet.

Why it was flagged

Bankr credential use is disclosed and purpose-aligned, but the credential carries high-value account authority, and the skill reads it from the environment and from another skill's config file.

Skill content
This skill submits transactions directly to Bankr API and resolves API key from: 1. `BANKR_API_KEY` env 2. `systemctl --user` exported environment 3. `~/.openclaw/skills/bankr/config.json` (`apiKey`)
Recommendation

Use a scoped Bankr key if available, keep the config file protected, and review dry-run output before allowing automated petting.

ASI05: Unexpected Code Execution
Low
What this means

The reminder code may inspect exported user environment variables while looking for configuration or credentials.

Why it was flagged

The static scan shows shell execution of a fixed systemctl command. This appears related to documented environment lookup, but it still reads broad user environment data.

Skill content
const envDump = execSync("systemctl --user show-environment", {
Recommendation

Avoid exporting unrelated secrets into the user systemd environment, and prefer explicitly configured skill-specific environment variables.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Your wallet address, gotchi IDs, and transaction status may be sent to Telegram.

Why it was flagged

The reminder flow sends the wallet address and gotchi IDs to a configured Telegram chat. This is expected for notifications but is an external data flow.

Skill content
Wallet: ${WALLET}
Gotchis: ${GOTCHI_LIST} ... send_telegram_message "$CHAT_ID" "$NOTIFY_MSG"
Recommendation

Configure Telegram only to a chat you control, and do not use shared chats if you consider wallet/gotchi activity private.

ASI10: Rogue Agents
High
What this means

Once started, the automation may continue operating and submitting pet transactions until the process or scheduled jobs are manually stopped.

Why it was flagged

The script is an unbounded recurring worker that repeatedly checks readiness and runs batch petting, with no clear stop or lifecycle control shown in the artifacts.

Skill content
Auto-pet scheduler started wallet=$WALLET mode=all-ready-gate recurring=true ... while :; do ... bash scripts/pet-all.sh ... sleep "$POST_PET_SETTLE_WAIT"
done
Recommendation

Run persistent automation only deliberately; the skill should document exact start, stop, disable, and cleanup steps for background jobs and cron/at entries.