Bitagent Skill

v0.1.1

Launch, buy, and sell tokens on BitAgent bonding curves via CLI. Use when the user wants to create a new agent token, or trade existing agent tokens on BitAgent (BSC Testnet/Mainnet).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The CLI and code (scripts/index.ts) implement launch/buy/sell on BitAgent and call BitAgent APIs, which is consistent with the name and description. However, the registry metadata claims 'Required env vars: none' while both SKILL.md and the code require a PRIVATE_KEY. The README references a GitHub repo (unibaseio/openclaw-bitagent) while the skill source is 'unknown' in the registry; these metadata inconsistencies are concerning.
Instruction Scope
SKILL.md instructs the agent to execute scripts/index.ts (via npx tsx) and to capture/return stdout, and to set PRIVATE_KEY in the OpenClaw config. The script loads 'dotenv/config' (will read .env if present) and performs network calls to BitAgent auth/API endpoints. The instructions do not mention or warn that .env will be read, nor do they caution about storing a private key in the agent config — both could lead to unintended exposure of other secrets or the wallet key. The agent is told to return CLI stdout to the user; while the code does not obviously print the private key, printing transaction/state data may leak context.
Install Mechanism
There is no registry install spec (instruction-only), but package.json and package-lock.json are included and SKILL.md instructs running 'npm install'. Dependencies resolve from npm (no external/obfuscated downloads). package-lock lists many transitive dependencies (including aws-sdk and pinata-web3 via @bitagent/sdk) which are plausible for the SDK but increase attack surface and should be installed only from a trusted source.
Credentials
The runtime requires a PRIVATE_KEY (wallet private key) — which is appropriate for on-chain operations — but this required env var is not declared in the skill registry metadata. The skill also imports dotenv so it may read a .env file in the repo directory; storing a private key in OpenClaw config or a .env file increases risk of accidental exposure. No other credentials are requested by the code, which aligns with purpose, but the mismatch between declared and actual required env vars is a red flag.
Persistence & Privilege
The skill is user-invocable, not forced-always, and does not request system-wide configuration changes. It does not declare 'always: true' and does not modify other skills' configs. Autonomous invocation is allowed by default (disable-model-invocation:false), which is expected; this combined with other concerns increases risk but is not by itself a misconfiguration.
What to consider before installing
This skill implements BitAgent CLI operations but has some red flags you should address before installing:

- The code and SKILL.md require a PRIVATE_KEY, but the registry metadata does not declare it. Do not trust the skill with your mainnet/real wallet key until you verify source and behavior.
- The script imports dotenv and will read a .env file if present; ensure you do not store other secrets (or the real private key) in repo .env or in OpenClaw config without understanding the risks.
- Verify the skill source (README cites a GitHub repo but registry says source unknown). Prefer installing only from a verified repository and review the full scripts/index.ts yourself.
- If you want to test functionality, use an ephemeral/test wallet on BSC Testnet and a disposable account. Avoid providing a production private key until you audit the code and dependency tree (package-lock.json includes many transitive packages via @bitagent/sdk).
- Consider running the CLI in an isolated environment (container or separate machine) and inspect all stdout/stderr to ensure no secrets are printed or exfiltrated.

If the publisher can update the registry metadata to declare PRIVATE_KEY as a required env var and provide a verifiable source URL/repo, that would reduce ambiguity. As-is, treat this skill as 'suspicious' and proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.
