rBTC Miner

Security checks across malware telemetry and agentic risk

Overview

This skill is openly for running a Bitcoin node and CPU miner, but its default quickstart can start mining and it points to unbundled install scripts that were not reviewable in the package.

Review the source repository and the exact install.sh and scripts before running them. Use START_MINER=0 for install or verification unless you explicitly want CPU mining, and expect local compilation, network activity, disk usage, and possible sustained CPU and power consumption if mining is enabled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The Quickstart presents a single command as the primary onboarding path, but the skill text does not clearly warn that it will start a node and may also start CPU mining by default. This can cause unexpected resource consumption, network participation, and operational side effects for users who believe they are only installing or verifying software.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest advertises end-to-end install, build, verify, mine, and update capabilities, but it does not define any invocation constraints, approval gates, or scope limits. In an agent setting, broad operational abilities combined with an updater and mining functionality can enable unintended high-impact actions such as software changes, resource consumption, or persistence without sufficiently explicit user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal