ClawHub

aibtc

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally starts an AIBTC crypto-mining worker, but it does so through unpinned remote npm execution and a detached background process that needs careful review.

Install only if you intentionally want this machine to mine AIBTC. Review the `aibtc-worker` package/source first, expect sustained CPU and network usage, prefer a sandbox or disposable environment, and make sure you can stop or manually kill the worker if the saved PID state is wrong.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The disclaimer materially downplays what the skill does by claiming the code is limited to hashing and seed submission, while the rest of the document explicitly describes lifecycle control of a worker process. This kind of contradiction can mislead users and reviewers about operational behavior, especially in a skill that starts/stops background processes and references remote execution via npx.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill description says it manages an automation worker, but the implementation launches an external mining process (`aibtc-worker`) via `npx`. That mismatch is a strong deceptive-indicator because it can induce users to authorize resource-consuming or financially motivated activity they did not knowingly request.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The code uses a shell pipeline (`ps aux | grep ...`) to enumerate processes, which expands the skill's capability beyond simple internal state tracking and relies on ambient system visibility. While targeted at `aibtc-worker`, this creates unnecessary process-inspection behavior and shell dependence that is broader than the stated purpose.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The description says to use the skill for 'any request to control the aibtc automation worker,' which is broad enough to trigger on loosely related phrasing rather than an explicit user command. Overbroad activation increases the chance of unintended execution of process-control actions for a cryptocurrency worker, which is higher risk than a read-only skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger section includes vague natural-language variations like 'start aibtc' and 'status of aibtc' without defining strict parsing or authorization boundaries. In context, this skill controls a background crypto-mining worker, so accidental invocation could launch or interfere with a persistent process the user did not clearly intend to manage.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill starts a detached background subprocess and immediately `unref`s it, allowing it to continue running independently without ongoing supervision. In context, this is especially dangerous because the subprocess is a mining worker, so it can silently consume CPU/network resources after the parent exits.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The stop path kills a process group based on persisted PID data and deletes the state file with no validation or confirmation. If the state file is stale or tampered with, this could terminate unintended processes, making the destructive action more dangerous than advertised.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal