bitcoin-mcp

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Bitcoin MCP setup, with privacy and supply-chain cautions that users should understand before use.

Install only if you trust the upstream bitcoin-mcp package and are comfortable with Bitcoin queries going to the Satoshi API. Avoid submitting wallet addresses, raw transactions, PSBTs, invoices, or other wallet-linked data you consider private unless that privacy tradeoff is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states it is backed by the Satoshi API and works with zero config, but it does not clearly warn users that Bitcoin-related queries will be sent to an external third-party service. This creates a privacy and data-handling risk because wallet addresses, transaction identifiers, PSBT-related metadata, and usage patterns may be disclosed to an external provider without informed user consent.

Unvalidated Output Injection

High

Category: Output Handling
Content: print("✗ uvx not found. Install uv: https://github.com/astral-sh/uv") sys.exit(1) try: result = subprocess.run( ["uvx", "bitcoin-mcp", "--version"], capture_output=True, text=True, timeout=20 )
Confidence: 75% confidence
Finding: subprocess.run( ["uvx", "bitcoin-mcp", "--version"], capture_output

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal