Bitagent Skill

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.secret_argv_exposure

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ConcernHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

A mistaken prompt, wrong token address, wrong network, or autonomous invocation could create a token or trade real assets with the configured wallet.

Why it was flagged

The skill directs the agent to run commands that perform token deployment and trades, including on BSC Mainnet, but the instructions do not include explicit confirmation, transaction preview, or bounded spend controls.

Skill content

the agent must **execute** `scripts/index.ts` ... `launch` ... Deploys a new agent token ... `buy` ... Buys ... `sell` ... Sells

Recommendation

Require explicit user confirmation for every transaction, show wallet/network/token/amount/gas before signing, default to testnet, and add spend or slippage limits.

ConcernHigh Confidence

ASI03: Identity and Privilege Abuse

What this means

Anyone or anything that can invoke this skill with the configured environment may be able to act as the wallet for BitAgent-related transactions.

Why it was flagged

The script uses a raw wallet private key from the environment to create an account capable of signing blockchain/authentication actions.

Skill content

const privateKey = process.env.PRIVATE_KEY; ... const account = privateKeyToAccount(privateKey as `0x${string}`);

Recommendation

Use a dedicated low-balance wallet, declare the credential requirement in metadata, avoid storing a primary wallet private key, and prefer a scoped signer or approval-based wallet flow.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing or updating dependencies could change code that has access to the configured wallet key.

Why it was flagged

The CLI depends on external npm packages, including the BitAgent SDK. This is normal for the purpose, but dependency provenance matters because the code handles wallet authority.

Skill content

"dependencies": { "@bitagent/sdk": "^3.1.4", "dotenv": "^17.2.3", "siwe": "^3.0.0", "viem": "^2.45.1" }

Recommendation

Install from a trusted source, use the package-lock file, review dependency changes before updates, and avoid running unreviewed versions with a funded wallet.

NoteHigh Confidence

ASI05: Unexpected Code Execution

What this means

Running the skill executes local package code that can access the wallet private key environment variable.

Why it was flagged

The skill intentionally runs local TypeScript CLI code through npm tooling. That execution is central to the stated purpose, but it means local code runs with access to the configured environment.

Skill content

Ensure dependencies are installed at repo root (`npm install`). ... `npx tsx scripts/index.ts buy --network <bsc|bscTestnet> ...`

Recommendation

Review the script and dependencies before use, run in an isolated environment, and only provide a dedicated wallet key when needed.

Findings (2)

critical

suspicious.env_credential_access

Location: scripts/index.ts:100
Finding: Environment variable access combined with network send.

critical

suspicious.secret_argv_exposure

Location: SKILL.md:25
Finding: Instructions pass high-value credentials through process argv.