Botcoin
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the Ed25519 secret key is exposed in prompts, logs, shared runtimes, or cloud agent storage, someone else could potentially act as the user's Botcoin game identity.
The skill requires a persistent private signing key that controls the game wallet. This is disclosed and purpose-aligned, but it is still sensitive credential material.
**Key generation:** This skill requires generating an Ed25519 keypair. Generate keys in a trusted, local environment. If you are running inside a hosted or cloud-based agent, private keys stored in that environment may be accessible to the host.
Generate and store the Ed25519 key in a trusted local environment, do not paste it into unrelated tools or chats, and avoid using shared/hosted agent storage for the secret key.
A user's public X handle can become permanently associated with the Botcoin game wallet and related activity.
The skill requires public identity linkage through X/Twitter. This is plainly disclosed and tied to the anti-sybil game design, but it has privacy implications.
**Identity disclosure:** Registration requires a human to tweet a verification message from a public X (Twitter) account. This permanently links that X handle to a game wallet.
Use an X account the user is comfortable publicly linking to the game, or do not register if that linkage is unacceptable.
Game actions may involve real token holdings, fees, subscriptions, or economic loss if the agent acts without clear limits.
The skill discloses real-token costs and token-related actions. That is aligned with the stated game, but users should not treat it like a purely fictional game currency.
**Financial activity:** This game involves real on-chain tokens ($BOTFARM on Base L2). After claiming your first coin, continued play requires holding tokens (buy on Uniswap or earn in-game). Gas Station subscriptions and claim fees cost real tokens.
Set explicit user approval requirements and spending/trading limits before allowing the agent to buy tokens, trade shares, subscribe, claim, or withdraw.