Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BFunbot Skill

v1.0.0

Create tokens on BSC, check fee earnings, check BFun.bot Credits balance, trigger agent credit reload, and interact with BFunBot's Agent API and BFun LLM Gat...

0· 61·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (create tokens on BSC, check fees, use BFun LLM gateway) matches the API surface described in references/api.md, so the capabilities themselves are plausible. However the registry metadata claims no required env vars or config paths, while SKILL.md explicitly requires a bfbot_... API key and tells users to add it to ~/.openclaw/openclaw.json. That mismatch (no declared credentials but runtime instructions that require them) is a red flag for incoherence.
Instruction Scope
The runtime instructions tell the user/agent to: (1) store the bfbot_... API key in the agent's OpenClaw config file, (2) register BFun as an LLM provider (repointing model calls to https://llm.bfun.bot), and (3) enable Agent Reload which allows the agent to top up BFun.bot Credits from a trading wallet. These are out-of-band actions that change agent behavior, modify local config, and can trigger on-chain funds movement — all beyond a simple 'API helper' and worth caution.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing gets automatically downloaded or written by the platform. That lowers supply-chain risk compared to a binary/extract install.
Credentials
Although the registry lists no required environment variables or config paths, SKILL.md requires a bfbot_... API key and instructs placing it in ~/.openclaw/openclaw.json. It also relies on API-key scopes such as 'llm_enabled' and 'reload_enabled' to let the agent make LLM calls and reload credits (i.e., spend funds). Requesting an API key with reload permission is proportional to the described 'agent reload' feature, but the skill's metadata should have declared it. Undeclared credentials and config paths are inconsistent with the instructions and increase the risk of accidental credential exposure or unexpected charges.
Persistence & Privilege
The skill does not set always:true, but the instructions ask users to modify their agent config so BFun becomes an LLM provider — effectively changing persistent agent behavior. Combined with autonomous invocation (the platform default) and the ability to trigger agent reloads from a trading wallet, this creates a non-trivial blast radius: the agent could route many model calls through BFun (billing your credits) or trigger on-chain reloads if permissions are granted. The skill itself doesn't declare or limit these privileges in metadata.
What to consider before installing
Don't install this blindly. Before proceeding:
1. Ask the publisher to update the registry metadata to declare the required credentials and config paths (the bfbot_ API key, and any required scopes such as reload_enabled/llm_enabled).
2. Avoid pasting the API key into your agent config until you have verified the service and limited the key's scopes; ideally create a key that does NOT include reload_enabled for initial testing.
3. Do not enable Agent Reload (automatic top-ups) unless you trust the service and understand on-chain spending.
4. Consider testing with minimal credits ($1) and monitor all transactions and logs.
5. Verify the domains (bfun.bot, api.bfun.bot, llm.bfun.bot) and the GitHub repo mentioned in the docs before trusting code or configs.
6. If you need this capability but are unsure, ask the publisher for an explicit, minimal example of the exact configuration changes required, and confirm they don't require storing long-lived secrets in plaintext in shared configs.
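The metadata-versus-instructions mismatch called out under Purpose & Capability and Credentials, and steps 1, 2 and 5 of the checklist above, can be turned into an offline pre-install audit. The following is an added example, not ClawHub's scanner and not the BFunBot project's code: the registry fields (`env`, `config_paths`, `always`, `install`) and the SKILL.md excerpt are constructed stand-ins that mirror this page's findings, and the real ClawHub/OpenClaw schemas are an assumption. It extracts credential prefixes, config paths, domains and scope names from the free-text instructions, compares them with what the metadata declares, flags scopes that can move funds or reroute model calls, and derives the reduced scope set to grant on a first, low-trust key.

```python
"""Offline pre-install audit for an agent skill: compare what the registry
metadata declares against what SKILL.md actually asks the user to do.

Added example, not ClawHub's or BFunBot's code. The metadata field names
and the SKILL.md text below are constructed to mirror the findings on the
registry page; the real schemas may differ.
"""
import re
from dataclasses import dataclass

# Constructed registry metadata: no declared env vars or config paths,
# no always:true flag, no install spec (as the page reports).
REGISTRY_METADATA = {
    "name": "bfunbot",
    "version": "1.0.0",
    "env": [],
    "config_paths": [],
    "always": False,
    "install": None,
}

# Constructed SKILL.md excerpt paraphrasing the runtime instructions the
# page describes (this is not the real file).
SKILL_MD = """\
## Setup
1. Get an API key (format: bfbot_...) from https://bfun.bot and add it to
   ~/.openclaw/openclaw.json under providers.bfun.apiKey.
2. Register BFun as an LLM provider pointing at https://llm.bfun.bot.
3. Optionally enable Agent Reload so credits top up from your trading wallet
   (requires the reload_enabled and llm_enabled scopes on the key).
"""

# Domains the page lists as the service's own; anything else gets flagged.
EXPECTED_DOMAINS = {"bfun.bot", "api.bfun.bot", "llm.bfun.bot"}

# Scopes that let the skill spend funds, and scopes that reroute model calls.
SPENDING_SCOPES = {"reload_enabled"}
ROUTING_SCOPES = {"llm_enabled"}


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    message: str


def extract_requirements(skill_md: str) -> dict:
    """Pull credential prefixes, config paths, domains and scope names out of
    free-text instructions with simple regexes. Sorted lists keep the output
    deterministic."""
    return {
        # "bfbot_..." style placeholders reveal a credential requirement
        "key_prefixes": sorted(set(re.findall(r"\b([a-z]+_)\.\.\.", skill_md))),
        # absolute or home-relative .json paths the user is told to edit
        "config_paths": sorted(set(re.findall(r"~?/[\w./-]+\.json", skill_md))),
        # hostnames; the pattern stops before a trailing sentence period
        "domains": sorted(set(re.findall(r"https?://([\w-]+(?:\.[\w-]+)*)", skill_md))),
        # permission-style scope names such as reload_enabled
        "scopes": sorted(set(re.findall(r"\b(\w+_enabled)\b", skill_md))),
    }


def audit(metadata: dict, skill_md: str) -> list[Finding]:
    """Compare declared metadata with what the instructions require."""
    req = extract_requirements(skill_md)
    findings: list[Finding] = []
    if req["key_prefixes"] and not metadata.get("env"):
        findings.append(Finding("high", f"SKILL.md requires credentials {req['key_prefixes']} "
                                        "but metadata declares no env vars"))
    undeclared = [p for p in req["config_paths"] if p not in metadata.get("config_paths", [])]
    if undeclared:
        findings.append(Finding("high", f"SKILL.md writes to undeclared config paths {undeclared}"))
    unexpected = [d for d in req["domains"] if d not in EXPECTED_DOMAINS]
    if unexpected:
        findings.append(Finding("medium", f"instructions reference unexpected domains {unexpected}"))
    spend = SPENDING_SCOPES & set(req["scopes"])
    if spend:
        findings.append(Finding("high", f"instructions request spending scopes {sorted(spend)}"))
    if ROUTING_SCOPES & set(req["scopes"]) or any(d.startswith("llm.") for d in req["domains"]):
        findings.append(Finding("medium", "instructions reroute model calls through a "
                                          "third-party LLM endpoint"))
    if metadata.get("always"):
        findings.append(Finding("medium", "skill is always-on (always:true)"))
    return findings


def minimal_test_scopes(requested: set[str]) -> set[str]:
    """Scopes to grant on a first, low-trust key: everything requested except
    those that can move funds (checklist step 2)."""
    return set(requested) - SPENDING_SCOPES


if __name__ == "__main__":
    for f in audit(REGISTRY_METADATA, SKILL_MD):
        print(f"[{f.severity}] {f.message}")
    print("scopes for a test key:", minimal_test_scopes({"llm_enabled", "reload_enabled"}))
```

Against the constructed inputs the audit returns four findings: three high (undeclared credential, undeclared config path, spending scope) and one medium (model calls rerouted to an llm. host). Declaring the env var and config path in the metadata removes the first two, which is exactly the fix step 1 asks the publisher for; the spending-scope finding remains because it is a property of what the key can do, not of the metadata.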

Like a lobster shell, security has layers — review code before you run it.

latest: vk9752qgkpm2z0e0z6az1k393xx83xrfj

