Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bittensor Sn85 Vibe Miner

v2.1.0

Automates setup of GPU-accelerated Bittensor Subnet 85 video upscaling and compression miners with storage, monitoring, and performance optimizations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill metadata declares no required binaries, env vars, or credentials, but SKILL.md clearly expects many host capabilities and credentials: btcli (Bittensor CLI), git, python3/venv/pip, pm2, sudo, scp/ssh, wget, ffmpeg (NVENC-capable builds), and a Bittensor wallet (hotkeys with ~0.4τ). The lack of declared requirements in metadata is inconsistent with the document and may hide important preconditions.
! Instruction Scope
Instructions go beyond simple setup: they tell you to copy wallet private files from your machine to a rented instance, edit /etc/caddy/Caddyfile to remove authentication so external validators can connect, open/advertise external ports, and run persistent services as root. Copying private keys to third-party VMs and explicitly removing reverse-proxy auth meaningfully broaden the skill's operational scope and introduce high-risk actions not called out in metadata.
Install Mechanism
This is instruction-only (no install spec) which lowers the static install risk. The guide does instruct downloading a BtbN ffmpeg release from GitHub (a well-known release host) and pip-installing video2x; those are expected for GPU video processing and are not inherently suspicious. However, the instructions implicitly assume you will make system-wide changes (copying binaries to /usr/local/bin, editing Caddy config, pm2 startup) which change system state.
! Credentials
Although the registry declares no secrets/env requirements, the instructions require access to highly sensitive wallet files (hotkeys) and to environment variables used by Vast.ai (VAST_TCP_PORT_...), and expect you to place wallet files under /root/.bittensor/wallets. Requesting transfer and storage of private wallet material on a rented VM is disproportionate to a benign install and materially increases attack surface (key theft risk).
! Persistence & Privilege
The skill instructs installing/starting persistent services via pm2 and enabling auto-start (pm2 startup / pm2 save) and editing system Caddy configuration. While the skill is not set always:true, these instructions create long-lived processes and system-wide config changes (Caddy) that persist beyond a single run and affect system network exposure.
What to consider before installing
This guide looks like a real SN85 miner deployment, but you should NOT blindly follow it without considering safety:
1) Do not copy your main wallet private keys to a rented VPS — instead create a new hotkey with minimal funds or a dedicated mining hotkey and transfer only that.
2) Avoid disabling authentication globally in Caddy. If validators truly require unauthenticated endpoints, prefer firewall rules, IP allowlisting, or a scoped proxy rather than removing auth from /etc/caddy/Caddyfile.
3) Inspect the vidaio-subnet repository source code before running any Python services (they will run as persistent daemons and can access your filesystem/network).
4) Run the services under a non-root user and limit filesystem permissions to the wallet directory.
5) Use an isolated/test instance first to validate behavior (no production funds).
6) Consider using host-level blocklists, monitoring, and log collection, and rotate keys after testing.
7) Be aware the skill metadata omitted many required tools and sensitive operations — ensure you have btcli, pm2, ffmpeg with NVENC, ssh/scp, and an understanding of the security trade-offs before deploying.
