Security audit

Basememe AI

Security checks across malware telemetry and agentic risk

Overview

Basememe AI appears aligned with its crypto-trading purpose, but it can use a stored wallet private key to make irreversible Base mainnet transactions and its credential requirements are under-declared.

Install only if you are comfortable giving this skill access to a dedicated low-balance wallet on Base mainnet. Pin the package version, configure credentials only for this skill, quote or dry-run first, require manual confirmation for every write command, and revoke allowances when finished.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

If the agent or CLI is invoked with this key, it can spend, send, approve, create, or claim assets from that wallet.

Why it was flagged

The skill can use a raw wallet private key to sign real Base mainnet transactions. This is expected for trading, but it is high-impact authority and conflicts with the registry metadata declaring no primary credential or required env vars.

Skill content

`PRIVATE_KEY`: Required for any command that signs or sends a transaction (`buy`, `sell`, `send`, `create`, `8004-register`, `dividend-claim`, `vault-claim`, `vault-burn`, `vault-claim-reward`, `gift-proof-submit`).

Recommendation

Use only a dedicated low-balance wallet, declare and review all credentials before use, and require explicit human approval for every write transaction.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken token, spender, amount, or model-selected trade could leave funds approved or at risk beyond the immediate command.

Why it was flagged

The buy flow can create on-chain token/Permit2 approvals lasting up to one year. This is normal for DEX trading, but it is a persistent financial permission and is not prominently bounded in the supplied instructions.

Skill content

const ONE_YEAR_SECONDS = 3600n * 24n * 365n; ... functionName: 'approve', args: [tokenAddress, spender, amount, nowSeconds() + ONE_YEAR_SECONDS]

Recommendation

Make quotes/dry-runs and human confirmation the default, cap trade sizes, and revoke allowances after use when possible.

ASI03: Identity and Privilege Abuse
Low
What this means

The configured API token may authorize gift-proof actions with the Basememe backend.

Why it was flagged

Gift proof submission sends a bearer token to the Basememe API. This is provider-aligned, but it is another credential path that should be disclosed and scoped.

Skill content

headers: { Authorization: `Bearer ${bearer}` },

Recommendation

Use a provider-specific token with minimal scope, avoid logging it, and document the required env/config variable.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A future or compromised package version could run different code with access to the configured wallet key.

Why it was flagged

Installing @latest may fetch a future package version different from the reviewed 0.3.5 artifact. This is common CLI guidance, but it matters more for a wallet-signing tool.

Skill content

npm install -g @basememe/ai@latest

Recommendation

Pin the reviewed version, verify the package source, and avoid granting a high-value private key to unreviewed updates.