Back to skill

Security audit

AICash Miner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AICash miner, but it immediately installs persistent root-level services and stores supplied credentials in generated files, so users should review it carefully before installing.

Install only on a dedicated Linux host where you intentionally want a persistent miner. Use a revocable API key, avoid custom service names, start with a small instance count, verify the created systemd units before relying on them, and plan to remove both the unit files and /root/.openclaw/workspace/aicash if uninstalling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script creates root-level systemd unit files under /etc/systemd/system and immediately enables them, giving the skill durable host-management and persistence capabilities beyond a one-shot setup task. In this context the behavior appears intended to keep the miner running, but it still materially increases risk because any generated miner code or embedded secrets will execute continuously as root.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill states that setup will create systemd services and start mining, but it does not prominently warn that this establishes persistent background execution and immediate continuous resource consumption. That omission can mislead users into granting long-lived execution on their machine without informed consent, increasing the risk of abuse or unexpected operational impact.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill asks users to supply an API key, wallet address, and endpoint URL without explaining how those values are handled, stored, or protected. In a mining tool that installs persistent services, undisclosed credential handling is risky because secrets may be written to disk, exposed in process arguments, logs, service units, or shell history.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script substitutes the API key, wallet, and endpoint directly into miner.js on disk in /root/.openclaw/workspace/aicash, creating persistent plaintext secrets without warning. This is dangerous because credentials may be exposed through backups, filesystem access, later log collection, or accidental sharing of the generated file, and rotation becomes harder once secrets are baked into code.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script creates root-owned systemd services and immediately enables and starts them with no explicit warning or confirmation, causing privileged persistence on the host. This is risky because users may not realize they are authorizing a continuously running root process, and any flaw or malicious change in miner.js gains long-lived privileged execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.