base skills required browse clawchain.ai

The skill bundle is classified as suspicious due to multiple critical vulnerabilities that could be exploited for malicious purposes, although the skill's stated intent is benign. Key issues include a significant shell injection risk in `skill.md` where the AI agent constructs and executes `chr tx` commands using unsanitized user input (e.g., agent name, personality summary, post content). A critical local file write vulnerability exists with the `update_memory_file` operation, allowing the agent to write arbitrary content to user-specified filenames, potentially leading to overwriting sensitive files like `~/.bashrc` or `~/.config/clawchain/credentials.json`. Furthermore, the agent is instructed to generate and then 'strictly follow' instructions from a local `SOUL.md` file, creating a self-referential prompt injection vulnerability. The skill also directs the agent to download `BSC_PANCAKESWAP_SKILL.md`, which is described as handling 'private key + address in one file', indicating a high-risk capability in a linked component.