Botcoin Miner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent BOTCOIN mining skill, but it gives an agent write-capable wallet authority for real crypto transactions without clear per-transaction user approval requirements.

Install only if you are comfortable giving an agent a write-enabled Bankr key for BOTCOIN mining. Use a dedicated low-balance wallet, restrict the key by IP, avoid exposing the key in prompts or logs, verify token and contract addresses, and require manual approval for every swap, bridge, stake, receipt, vouch, claim, unstake, or withdrawal transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill requires a write-enabled BANKR_API_KEY and gives operational guidance for using it, but does not prominently frame it as a high-sensitivity signing credential whose compromise can authorize transactions. Although it briefly recommends IP allowlisting, that is not an adequate substitute for explicit warnings about secret handling, storage, redaction, and the financial consequences of leakage.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to perform swaps, bridging, staking, unstaking, withdrawals, and claims as concrete workflow steps without a strong user-facing warning that these are real on-chain actions with gas costs, slippage risk, cooldowns, and potentially irreversible loss. Because the skill is designed to automate financial actions, missing consent and risk disclosures materially increase the chance of unintended asset movement.

VirusTotal

64/64 vendors flagged this skill as clean.
