Bankr
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Bankr is a clearly disclosed crypto and LLM-gateway integration, but it can exercise read-write wallet authority, submit irreversible raw transactions, and create persistent trading automations, so it should be reviewed carefully before use.
Install only if you intentionally want Bankr to manage crypto and/or LLM gateway access. Prefer read-only mode first, use a separate low-balance wallet/key for write actions, verify every transaction and automation, and be especially cautious with raw calldata or leverage.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a read-write key is used, the agent may be able to initiate trades, transfers, bets, leverage positions, and other wallet actions that can lose funds.
A read-write Bankr API key delegates authority over high-impact financial actions. The skill does disclose the difference between read-only and read-write access, but the authority is broad and should be treated as a major permission boundary.
`--read-write` — enables write operations: swaps, transfers, orders, token launches, leverage, Polymarket bets.
Start with a read-only key unless write access is absolutely needed. Use a separate limited Bankr key, keep minimal funds in the wallet, require explicit confirmation for every financial action, and revoke or rotate the key when done.
A bad raw transaction could permanently transfer funds, approve a malicious contract, or perform an unintended on-chain action.
Raw calldata submission is an escape-hatch capability that can approve spenders, transfer assets, or interact with arbitrary contracts. Even though it is disclosed, mistakes or malicious calldata can cause irreversible loss.
Submit raw EVM transactions with explicit calldata to any supported chain... Call any function on any contract... Irreversible
Only submit raw transactions from trusted sources, decode and verify calldata, recipient, value, and chain ID before signing, and require a clear human confirmation immediately before submission.
An incorrectly configured automation could keep buying, selling, or monitoring on a schedule until cancelled, potentially causing repeated losses or unwanted activity.
The skill supports persistent automations that can execute future trades or commands after initial setup. This is purpose-aligned, but it extends financial authority beyond a single immediate request.
Set up automated orders and scheduled trading strategies... DCA $100 into ETH every week... Run any Bankr command on a schedule.
Use small amounts, set clear limits and expirations, review active automations regularly, and cancel anything you no longer intend to run.
Prompts, code, documents, and other content sent to models may pass through Bankr's gateway and use Bankr LLM credits.
Using the Bankr LLM gateway intentionally routes model prompts and responses through Bankr's provider gateway. This is disclosed and purpose-aligned, but users should understand the data flow.
When the base URL override is enabled, all model requests go through the gateway.
Use the gateway only if you are comfortable with that routing, avoid sending highly sensitive content unless appropriate, and monitor LLM credits and API key access.
Installing the CLI gives external package code access to the local environment and Bankr credentials used for trading.
The reviewed skill contains no code and relies on an external global CLI package for key handling and financial operations. This is central to the stated purpose, but the package contents are outside the provided artifacts.
bun install -g @bankr/cli ... npm install -g @bankr/cli
Install only from the official package source, verify the package name and publisher, consider pinning a version, and keep the CLI updated from trusted channels.
