Back to skill

Security audit

KibiBot

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent but needs Review because it can trigger wallet-funded credit reloads and on-chain token creation without clearly requiring final user confirmation.

Review before installing. Use a least-privileged Kibi API key, enable Agent Reload only if you understand the wallet source and daily limits, require explicit approval before any token creation or credit reload, and avoid routing secrets or regulated data through the LLM gateway unless you accept KibiBot's data handling and billing terms. VirusTotal was pending, so this verdict relies on artifact evidence, metadata, static scan, and SkillSpector context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages routing prompts through KibiBot's hosted LLM gateway but does not clearly warn that user prompts and request contents are transmitted to KibiBot and likely onward to third-party model providers. This can cause unintentional disclosure of sensitive data because users may assume the agent is using its default provider or local processing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup text says the agent can top up Kibi Credits from the trading wallet, but it does not present this as a spending action with clear financial risk. An agent-triggered reload can move user funds and incur unintended cost if invoked too freely or under prompt manipulation.

External Transmission

Medium
Category
Data Exfiltration
Content
Compatible with Claude models via Anthropic Messages API format.

```bash
curl https://llm.kibi.bot/v1/messages \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: YOUR_KB_API_KEY" \
  -d '{
Confidence
93% confidence
Finding
curl https://llm.kibi.bot/v1/messages \ -H "Content-Type: application/json" \ -H "X-Api-Key: YOUR_KB_API_KEY" \ -d '{ "model": "claude-haiku-4-5", "messages": [{"role": "user", "content"

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
### Step 1 — Get your API key
Go to [kibi.bot/settings/api-keys](https://kibi.bot/settings/api-keys) → Create API Key → copy the `kb_...` key.

> **Permissions:** Base API is always included. Enable **Kibi LLM Gateway** if you want to use AI models. Enable **Agent Reload** if you want the agent to top up your Kibi Credits automatically from your trading wallet.

### Step 2 — Add Kibi Credits (for AI model access)
Go to [kibi.bot/credits](https://kibi.bot/credits) → Add Credit.
Confidence
86% confidence
Finding
Permissions:*

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.