Buddhist Counsel
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: buddhist-counsel
Version: 1.0.0

The skill bundle is flagged as suspicious because of a significant shell-injection risk. The `SKILL.md` instructs the agent to construct an `npx awal` command in which the `situation` field, which carries user-provided input, is interpolated directly into the `-d` argument. If the agent's execution environment does not sanitize that value, a malicious user could inject arbitrary shell commands. In addition, relying on `npx` to run a third-party tool (`awal`) for authentication and cryptocurrency payments introduces supply-chain risk and involves sensitive operations, even though the stated purpose is benign.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: If an agent invokes the skill repeatedly or automatically, it could spend the user's USDC balance without the user noticing each charge.
Details: The skill uses an authenticated payment account to spend USDC on each request, but the instructions do not define per-request confirmation, budgets, rate limits, or other containment.
Evidence: Pay $0.01 USDC per request via x402 protocol ... Payment | x402 automatic USDC via `npx awal@2.0.3 x402 pay`
Recommendation: Require explicit user approval before every paid request, set a small spending limit, and make clear which Awal account or wallet will be charged.

Risk: Personal mental-health information may leave the local conversation and be processed by an external service.
Details: The required payload can contain sensitive mental-health or crisis details and is sent to a third-party endpoint; the provided artifacts do not describe privacy, retention, or consent controls.
Evidence: URL (Production) | `https://anicca-proxy-production.up.railway.app/api/x402/buddhist-counsel` ... `situation` | string | MUST | Suffering description (max 2000 chars)
Recommendation: Ask the user before sending personal details, minimize identifying information, and provide clear privacy and retention terms for the external API.

Risk: Using the skill may run third-party CLI code through npx even though the registry lists no install requirements.
Details: The skill depends on executing an external npm CLI for authentication and payment. The version is pinned and this dependency is central to the stated purpose, but users still need to trust that package.
Evidence: npx awal@2.0.3 status ... npx awal@2.0.3 auth login <email> ... npx awal@2.0.3 x402 pay
Recommendation: Verify the Awal CLI package source before use, and consider declaring npx/awal as an explicit requirement.
