Back to skill

Security audit

Bankr

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto trading skill, but it can move funds, place bets, deploy tokens, and submit raw blockchain transactions, so it needs careful review before use.

Install only if you intentionally want an agent to interact with real crypto assets. Prefer a read-only key unless you need execution, use a dedicated low-balance wallet, enable IP restrictions where possible, avoid storing keys in shared or synced files, and require explicit human review before trades, transfers, bets, deployments, automations, signing, or raw transaction submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill description is extremely broad and can trigger on many ordinary user requests, while the skill itself exposes high-risk capabilities including trading, transfers, signing, raw transaction submission, leverage, and token deployment. In an agent-routing context, overbroad activation materially increases the chance that sensitive financial actions are invoked when the user did not intend to engage a crypto execution tool.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document advertises irreversible on-chain actions, leverage trading, token launches, and raw transaction submission without a prominent upfront warning about financial loss, private-key/API-key sensitivity, and irreversibility. Because this skill is designed for natural-language execution of financial operations, burying risk warnings deep in the document increases the likelihood of unsafe use and mistaken authorization.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This reference describes commands that can create, cancel, and schedule automated trading actions affecting real assets, but it does not prominently warn that these instructions may execute live financial transactions with user funds. In the context of a crypto trading skill, omission of an explicit transactional-risk warning increases the chance of accidental or misunderstood execution, especially for scheduled commands and automated strategies that may continue acting after the initial prompt.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation instructs users to set API and LLM keys via CLI commands and only afterward notes that config is stored at ~/.bankr/config.json, without clearly warning that sensitive credentials may be persisted locally. In a crypto trading skill that can move funds and access paid LLM services, unclear credential storage guidance increases the risk of accidental key exposure through weak file permissions, shared machines, backups, or dotfile syncing.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation tells users to add `ANTHROPIC_AUTH_TOKEN` and base URL exports to shell startup files like `~/.zshrc` or `~/.bashrc` without warning that these files may be broadly readable, synced, backed up, or exposed through screenshots, dotfile repos, and local compromise. Persisting long-lived API credentials in plaintext increases the chance of credential theft and unauthorized gateway usage.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This reference includes direct examples for buying NFTs without clearly warning that purchases, transfers, and mints are blockchain transactions that are typically irreversible once signed and submitted. In a skill that facilitates real crypto and NFT actions, omission of explicit confirmation and irreversibility warnings can cause users to authorize costly or mistaken transactions, especially when using shorthand prompts like buying the cheapest item or minting from a link.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The documentation suggests users can view NFT holdings and portfolio data without stating what wallet data will be accessed, how addresses are selected, or what privacy implications exist. In a cross-chain wallet-enabled trading skill, this can lead to unintended exposure of wallet balances, holdings, and linked identities if users do not realize the agent will inspect on-chain portfolio information.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The search-market trigger examples are broad enough that ordinary conversation about trending topics, sports, or crypto could unintentionally invoke this skill. In a finance and betting context, ambiguous routing is dangerous because it can steer users into a gambling workflow or market-search flow without clear intent, increasing the chance of unintended financial actions downstream.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The odds-checking examples are phrased as generic factual questions about event probabilities rather than clearly scoped Polymarket requests. In this skill's context, that can cause the agent to interpret normal informational queries as requests to access a betting platform, which is especially risky because it sits adjacent to wagering and fund-moving capabilities.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file describes bet placement and automatic cross-chain bridging from available stablecoins without a prominent upfront warning that these are real financial transactions affecting user funds. This is more dangerous in context because the skill can operate across chains and automatically source assets, so an imprecise or misunderstood request could lead to unintended wagering, asset conversion, and bridging activity with real monetary loss.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger examples include very broad phrases such as 'What's my total balance?', 'How much crypto do I have?', and especially 'What's my net worth?', which can overlap with ordinary finance or budgeting questions. In a high-risk crypto trading skill, unintended activation is more dangerous because it may expose wallet portfolio data or route users into a financial/transactional workflow they did not intend to invoke.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The Solana launch prompt examples are broad enough that a general user request like 'Launch SpaceRocket' or 'Deploy a Solana memecoin called DOGE2' could be interpreted as authorization to perform an irreversible on-chain token deployment. In this skill, deployment spends funds, may create permanent fee arrangements, and has real financial/legal consequences, so ambiguous trigger phrases materially increase the risk of accidental high-impact actions.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The EVM examples include vague triggers such as 'Create a token on Base' and 'Launch new token on Unichain' that do not clearly distinguish informational discussion from a live blockchain deployment request. Because this skill is a trading and transaction gateway, such ambiguity is especially dangerous: the agent may treat exploratory language as authority to deploy an ERC20 contract and incur irreversible on-chain effects and costs.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document explains how to deploy tokens and claim/transfer associated fee rights but does not prominently warn that these actions can spend assets, create permanent on-chain state, and in some cases establish immutable fee-recipient arrangements. In a crypto agent skill, omission of explicit irreversible-action warnings makes accidental or uninformed execution more likely and amplifies user harm.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The prompt examples and activation guidance are broad, action-oriented, and closely resemble ordinary user requests, which increases the chance this skill is invoked for ambiguous trading-related language without an explicit confirmation boundary. In a skill that can move real funds across chains, unclear triggering criteria can lead to unintended transaction preparation or execution, especially when examples normalize high-risk actions like swaps, bridging, and conversions.

Missing User Warnings

High
Confidence
97% confidence
Finding
This reference describes real trading, bridging, and asset conversion workflows but does not prominently warn that these actions can spend funds, incur fees, and irreversibly move assets across blockchains. In the context of a crypto trading and transaction-signing skill, missing safety warnings materially increases the risk of users or downstream agents treating execution as low-risk or reversible when it is not.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document encourages transfers to social handles and states that handles are resolved to linked wallet addresses, but it does not warn users that this resolution may require querying third-party platforms or external identity-mapping services. In a crypto-transfer context, that omission matters because it can expose user intent, counterparties, and wallet associations to outside services, creating privacy and profiling risks before a transaction is even sent.

Session Persistence

Medium
Category
Rogue Agent
Content
Auto-install the Bankr provider into your OpenClaw config:

```bash
# Write config to ~/.openclaw/openclaw.json
bankr llm setup openclaw --install

# Preview the config without writing
Confidence
88% confidence
Finding
Write config to ~/.openclaw/openclaw.json bankr llm setup openclaw --install # Preview the config without writing bankr llm setup openclaw ``` This writes the following provider config (with your ke

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.