Sparkbtcbot
Security checks across malware telemetry and agentic risk
Overview
This skill is openly a Bitcoin wallet skill, but it gives an AI agent direct, autonomous control over a mnemonic that can spend all wallet funds.
Only use this skill directly with test wallets or small balances you are willing to lose. Do not give an autonomous agent a funded wallet mnemonic unless you have strong external controls such as spending limits, recipient allowlists, revocable access, and audit logs. Be especially careful not to expose the mnemonic in chat, terminal logs, git, or project files.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is compromised, misprompted, or makes a bad decision, it could spend or transfer the entire wallet balance.
The skill asks the agent to use a seed phrase that controls real Bitcoin/Spark funds and explicitly states the agent can spend all funds without built-in restriction.
SPARK_MNEMONIC ... sensitive: true ... This skill gives the agent full custody of the wallet. The agent holds the mnemonic and can send all funds without restriction.
Use REGTEST or very small balances for direct use. For real funds, prefer the recommended proxy or another wallet architecture with per-transaction approvals, spending caps, revocable tokens, and audit logs.
The agent may send payments or respond to payment requests automatically, which can cause irreversible financial loss if instructions, invoices, or recipients are wrong or malicious.
Autonomous invocation is disclosed, but it applies to irreversible financial operations and the artifact does not enforce approval, amount, recipient, or daily-spend limits in the direct SDK examples.
model-invocation: autonomous ... agents need to pay invoices and respond to incoming transfers without human approval for each transaction
Require explicit user confirmation for sends/withdrawals, enforce allowlists and spending limits, and keep autonomous payment authority disabled unless operating with funds you are prepared to lose.
A user may underestimate that installing or using this skill involves giving an agent custody-like access to wallet funds.
The registry metadata says no credential is required, but the skill and examples rely on SPARK_MNEMONIC, a secret wallet credential that controls funds. This under-declares the permission boundary to users reviewing metadata.
Required env vars: none; Env var declarations: none; Primary credential: none
Declare SPARK_MNEMONIC and the financial-control permission clearly in registry metadata, and make the direct-mnemonic mode visibly separate from limited proxy mode.
The wallet seed phrase could end up in chat history, terminal logs, or other retained context if users run the example through an agent.
The setup example prints a newly generated mnemonic to stdout. This is expected for wallet setup, but in an agent environment terminal output may be stored in transcripts or logs.
console.log("=== SAVE THIS MNEMONIC SECURELY ==="); console.log(mnemonic); ... console.log(`SPARK_MNEMONIC=${mnemonic}`);Generate and store mnemonics outside shared agent logs where possible, redact terminal output, and avoid placing funded wallet mnemonics in project files or chat transcripts.
Installing or running the examples relies on third-party package code that will operate near wallet secrets and payment functions.
The skill depends on external npm packages to perform wallet operations. This is purpose-aligned, and a lockfile is present, but wallet users should be careful about dependency provenance.
"dependencies": { "@buildonspark/spark-sdk": "^0.5.8", "dotenv": "^16.4.7" }Install from the included lockfile, review dependency updates before use, and avoid running unreviewed package changes with a funded mnemonic.