Bonero-Miner
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is openly for cryptocurrency mining, but it asks you to install remote software and run a background CPU miner, so use it only with explicit consent and verification.
Install only if you intentionally want this machine to mine Bonero. Inspect the remote installer before running it, avoid giving the agent uncontrolled runtime, limit mining threads, monitor system load and power use, stop the daemon when finished, and keep the wallet seed phrase private.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the installer could make local system changes beyond what is visible in this skill file.
The default quick install executes a mutable remote script directly. This is consistent with installing mining software, but it means the reviewed artifact does not show exactly what code will run.
curl -fsSL https://raw.githubusercontent.com/happybigmtn/bonero/master/install.sh | bash
Prefer the documented verify-first path, inspect install.sh, and consider pinning to a trusted release or commit before execution.
Mining can slow the machine, increase power usage, and create costs.
The skill explicitly acknowledges that mining consumes CPU and requests human approval. The behavior is purpose-aligned, but resource use is still user-impacting.
Mining uses CPU. **Ask your human first** before running on real hardware.
Only run mining after explicit approval, choose a conservative thread count, and monitor CPU usage and temperature.
A background miner may keep consuming resources after the immediate task appears finished.
The miner is intentionally started as a detached background daemon. This is disclosed and relevant to mining, but it can continue running until stopped.
bonerod --detach \
--start-mining YOUR_C_ADDRESS \
--mining-threads 4Set clear runtime limits, check whether bonerod is running, and use the documented stop command when mining should end.
Anyone who sees the seed phrase could control the wallet funds.
Creating a cryptocurrency wallet produces a seed phrase that controls funds. The skill warns the user to save it, and no leakage is shown, but it is sensitive credential-like material.
**Save your seed phrase!** Write it down. You can't recover the wallet without it.
Keep the seed phrase out of chat logs and shared files, and store it securely offline or in a trusted password manager.