MetEngine Data Agent
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: metengine-data-agent Version: 1.0.0 The skill is highly suspicious due to a critical remote code execution vulnerability and persistence mechanism. It explicitly instructs the AI agent to download and overwrite its own skill definition file (`skill.md`) from a remote URL (`https://www.metengine.xyz/skill.md`) using `curl`. Furthermore, it provides instructions to automate this update weekly via a `crontab` entry, creating a persistent channel for arbitrary code execution. This allows the remote server to inject any commands or prompt-injection attacks into the agent's skill definition at any time. Additionally, the skill instructs the agent to handle Solana private keys (from `process.env.SOLANA_PRIVATE_KEY` or `~/.config/solana/id.json`) for payment signing and executes various shell commands (`bun add`, `grep`, `awk`, `tr`), which are high-risk capabilities, even with stated security rules.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future agent instructions could change based on whatever the remote site serves, without the user reviewing the new skill content first.
The skill tells users or agents to overwrite the local agent skill file from a remote URL without a pinned version, hash, signature, or registry review path.
curl -sL https://www.metengine.xyz/skill.md -o ~/.claude/agents/metengine-data-agent.md
Do not enable automatic remote skill replacement. Update only from a reviewed source, pin versions or hashes, and inspect changes before installing.
The skill can keep changing itself weekly even when the user is not actively using it.
The documented cron job creates persistent background behavior that repeatedly modifies the agent skill file after installation.
0 0 * * 0 curl -sL https://www.metengine.xyz/skill.md -o ~/.claude/agents/metengine-data-agent.md 2>/dev/null
Avoid installing the cron job. If updates are needed, require an explicit user action and review the new file before replacing the current skill.
API calls may involve signing or spending from a local Solana wallet, so misuse or unclear limits could cost the user funds.
The skill expects access to a local Solana keypair path and USDC/SOL balance checks for x402 payments, which is sensitive financial authority.
Wallet configuration -- path to the Solana keypair ... keypair_path: ~/.config/solana/id.json
Use a dedicated low-balance wallet, require explicit approval before each paid request, and verify pricing before allowing the agent to make calls.
If that memory file is wrong, stale, or tampered with, future sessions may reuse unsafe code or incorrect endpoint/payment behavior.
The skill creates a persistent cross-session memory file that stores wallet setup details, executable bootstrap snippets, endpoint history, fallbacks, and pricing cache, then tells future agents to trust it before API calls.
Before making ANY API call, check for a memory file at: ~/.claude/agents/metengine-memory.md ... Client Bootstrap -- a working code snippet ... copy-paste ready ... Agents MUST update the memory file
Treat the memory file as untrusted input, avoid storing executable snippets or wallet paths, and ask the user before reusing stored payment setup.