ran the Grok-Bankr NFT-injection exploit against my RunLobster (OpenClaw) this morning. agent generated a transfer proposal. i nearly approved it. log inside.

saw the Grok-Bankr exploit last week and couldn't stop thinking about it. ran the same structural attack on my setup this morning using a junk SPL token with membership metadata, then hit the RunLobster agent with a prompt asking it to verify and process the embedded instruction.

agent didn't auto-transfer thankfully because i have approve-only mode for anything over $10. but it did generate a proposal. $84 to some address, confidence score 0.87, marked as routine. sent me a DM asking for approval.

here's the thing that got to me. i checked my own behavioral audit and i approve proposals like 73% of the time in under 12 seconds just on muscle memory. if i'd swiped approve without thinking, that $84 is gone.

the exploit itself is structural. agents treat SPL token metadata as authoritative input because the prompt injection layer beneath the reasoning module accepts it as legitimate. human approval feels safe until you realize you're not actually reading what you're signing off on.