Security audit

Btc Sovereign Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a read-only Bitcoin tracking helper, but one command sends the watch address to an unexpected lookalike domain, which creates a privacy concern.

Review the command examples before use. Replace the `membpool.space` URL with the intended `mempool.space` endpoint or a self-hosted/local Bitcoin data source, especially if the watched address reveals meaningful holdings or transaction timing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
| Variable | Default | Description |
|----------|---------|-------------|
| `BTC_WATCH_ADDRESS` | (required) | Bitcoin address to monitor (watch-only) |
| `MEMPOOL_API` | `https://mempool.space/api` | Mempool API base (change for self-hosted) |
| `COINGECKO_API` | `https://api.coingecko.com/api/v3` | Price API base |
| `ZK_BANKIR_HOST` | `http://localhost:3000` | ZK-Bankir server for vault status |

## Troubleshooting
Confidence
87% confidence
Finding
https://api.coingecko.com/

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.