Skill Trust Decision
Bounty Hunter Agent
SKILL.md exposes multiple hardcoded credentials (DeepSeek API key, Soul marketplace key) in plaintext documentation, creating severe credential theft risk if this file is shared or accessed by unauthorized parties.
Most direct threat evidence
Critical Credential Theft
Hardcoded DeepSeek API Key in Documentation A valid DeepSeek API key (sk-5aa202974f284ecc9a82c95d9c7ca23e) is hardcoded in plaintext within SKILL.md. If this file is shared, published to ClawHub, or exposed in any way, the API key can be harvested and abused by threat actors.
SKILL.md:75 Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 4 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
01
Attacker obtains SKILL.md through ClawHub publication, repo leak, or shared documentation
reconnaissance · SKILL.md:1
02
Attacker extracts hardcoded DeepSeek API key from SKILL.md line 75
Discovery · SKILL.md:75
03
Attacker extracts Soul marketplace key from SKILL.md line 26
Discovery · SKILL.md:26
04
Attacker abuses stolen API credentials for their own AI services or resells them
Impact · N/A
What drove the risk score up
Hardcoded API key exposure +30
DeepSeek API key 'sk-5aa202974f284ecc9a82c95d9c7ca23e' exposed in SKILL.md line 75
Additional credential exposure +20
Soul marketplace key exposed in plaintext at line 26
No tool declarations present +5
Skill file lacks declared allowed-tools, cannot map to capability model
Documentation as attack surface +10
SKILL.md serves as agent instruction, credentials embedded in prompts could be extracted by malicious prompts
Most important evidence
Critical Credential Theft
Hardcoded DeepSeek API Key in Documentation
A valid DeepSeek API key (sk-5aa202974f284ecc9a82c95d9c7ca23e) is hardcoded in plaintext within SKILL.md. If this file is shared, published to ClawHub, or exposed in any way, the API key can be harvested and abused by threat actors.
SKILL.md:75 Remove the API key immediately. Use environment variable reference: ${DEEPSEEK_API_KEY} or document that users must set their own API key.
Critical Credential Theft
Hardcoded Soul Marketplace Key in Documentation
Soul marketplace authentication key is hardcoded in plaintext within SKILL.md, exposing the agent's marketplace credentials.
SKILL.md:26 Remove the Soul key from documentation. Use placeholder or document that this must be configured by the user.
Medium Doc Mismatch
No Declared Allowed-Tools Section
SKILL.md lacks an allowed-tools declaration, making it impossible to audit what resources this skill actually requires. This violates the expectation that SKILL.md should declare all permissions.
SKILL.md:1 Add an allowed-tools section documenting the minimal permissions required (e.g., shell:NONE, filesystem:READ for logs directory).
Medium Sensitive Access
References to Sensitive File Paths
SKILL.md references ~/.openclaw/workspace paths that may contain sensitive data (wallet backups, logs). While not directly accessing these, documenting them increases the attack surface.
SKILL.md:104 Avoid documenting exact paths to sensitive files. Use generic references instead.
Declared capability vs actual capability
Filesystem Pass
Declared NONE
→ Inferred NONE
No file operations in this documentation-only skill Network Pass
Declared NONE
→ Inferred NONE
No network calls defined; credentials are static references Shell Pass
Declared NONE
→ Inferred NONE
No shell commands in documentation Environment Block
Declared NONE
→ Inferred READ
References to env vars implied by configuration but not formally declared Suspicious artifacts and egress
Critical API Key
sk-5aa202974f284ecc9a82c95d9c7ca23e SKILL.md:75
Medium External URL
https://soul.mds.markets/gellycat-adam-ai SKILL.md:17
Medium Wallet Address
0x9d90d0e0b951fe9a7bbdfc274259cd8110349fc0 SKILL.md:30
Dependencies and supply chain
There are no structured dependency warnings.
File composition
1 files · 178 lines
Markdown 1 files · 178 lines
Files of concern · 1
SKILL.md Hardcoded DeepSeek API Key in Documentation · Hardcoded Soul Marketplace Key in Documentation · No Declared Allowed-Tools Section · References to Sensitive File Paths · sk-5aa202974f284ecc9a82c95d9c7ca23e · https://soul.mds.markets/gellycat-adam-ai · 0x9d90d0e0b951fe9a7bbdfc274259cd8110349fc0
Security positives
No executable code present - purely documentation
No shell commands or subprocess calls
No network requests or data exfiltration patterns
No obfuscation techniques observed
No supply chain dependencies to audit