Get a clank.money Human Bitcoin Address
Security checks across malware telemetry and agentic risk
Overview
This skill does what it says, but its example can leave a powerful payment-address management token exposed in predictable temporary files.
Install only if you trust clank.money and understand that the management token controls future updates to where the Human Bitcoin Address points. If you use the bash example, replace the fixed /tmp files with private temp files, set restrictive permissions such as umask 077, delete temporary JSON files after registration, and verify the username, invoice, and BIP-321 URI before paying or updating.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.