Skill v0.1.0

ClawScan security

Bankr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 12:57 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's stated purpose (crypto trading + LLM gateway) mostly matches its instructions, but it instructs the agent to store API keys and modify other tools' config (e.g., OpenClaw), and to route LLM traffic through Bankr — behaviors that go beyond a simple trading integration and could expose credentials or change platform defaults.
Guidance
This skill does what it says (crypto trading + an LLM gateway) but contains several potentially risky instructions you should review before using it:
- It asks you to create Bankr API keys (bk_...) and may instruct the CLI to generate wallets and keys headlessly. Prefer manual key creation in a web dashboard if you want more control. Do not paste keys into an agent session unless you trust the skill.
- The skill recommends storing API keys and setting environment variables and even writes provider configs into other tools' config files (notably ~/.openclaw/openclaw.json). That can make Bankr the default LLM provider for other tools and route unrelated model traffic through Bankr — which could leak other usage or credentials. Only allow this if you explicitly trust bankr.bot and have audited what will be written.
- Choose least privilege when generating keys: use read-only keys unless you explicitly need trade/transfer/write permissions. Avoid enabling LLM gateway or read-write flags for keys you give to agents.
- Before installing or running anything: verify the vendor (bankr.bot), look up the @bankr/cli package on npm (authors, source repo, recent audits), and inspect what the CLI writes to disk. Prefer installing from a verifiable source and review the package code if possible.
- If you try this, test everything with minimal funds (tiny amounts) and avoid running raw calldata or arbitrary transaction submissions until you fully understand and trust the calldata.
If you want, I can: (1) extract and show the exact config snippets the skill would write to ~/.openclaw/openclaw.json, (2) list the precise commands that would modify environment or config files so you can review them, or (3) suggest a safer, read-only workflow to query balances/prices without writing keys into other tool configs.

Review Dimensions

Purpose & Capability
note: Name/description (crypto trading + LLM gateway) align with the instructions: CLI usage, REST API, wallet and transaction flows, on-chain operations, and an LLM gateway are all described. Requiring the `bankr` binary is coherent. However, the skill also instructs writing provider configs into other agent/tool config files (e.g., ~/.openclaw/openclaw.json) and recommending base URL overrides for other LLM SDKs — changes that expand the skill's impact beyond a single trading integration.
Instruction Scope
concern: Runtime instructions explicitly direct the agent/user to create API keys, store keys in config files, set environment variables (e.g., BANKR_API_KEY, BANKR_LLM_KEY, ANTHROPIC_AUTH_TOKEN), and run bankr llm setup commands that write to ~/.openclaw/openclaw.json and other tool configs. The skill also provides raw-transaction submission guidance. While raw transactions are expected for a trading agent, modifying other tools' config and suggesting global env changes grants Bankr control over LLM routing and can cause credential/traffic redirection.
Install Mechanism
ok: This is instruction-only (no install spec or code files). The recommended install commands are standard (bun / npm global install of @bankr/cli). No suspicious download URLs or archive extracts are present in the provided files.
Credentials
concern: The registry metadata declares no required env vars, yet the instructions repeatedly reference and instruct storing sensitive credentials: BANKR_API_KEY, BANKR_LLM_KEY, and instruct exporting ANTHROPIC_* vars and writing API keys into other tool configs. Asking the user to generate an API key (bk_...) and to enable read-write and LLM gateway access is expected for functionality, but the skill encourages placing keys into third-party configs and global env vars (which broadens credential exposure). There is no explicit declaration of what credentials the skill itself will need or retain.
Persistence & Privilege
concern: The skill recommends writing provider configuration (including an apiKey) into ~/.openclaw/openclaw.json and suggests running bankr llm setup --install, which modifies other tools' config and sets Bankr models as defaults. That modifies other agent/tool configurations (system/user-level files) and can change the platform's default LLM routing — a material persistence/privilege increase beyond the skill's own files.