Bitagent Skill

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-bitagent
Version: 0.1.1

The skill bundle is benign. The `SKILL.md` clearly instructs the AI agent to execute a local TypeScript CLI script (`scripts/index.ts`) and return its output, without any prompt injection attempts to deviate from this purpose or hide actions. The `scripts/index.ts` file correctly uses the `PRIVATE_KEY` environment variable for blockchain wallet operations (signing SIWE messages and transactions) and interacts exclusively with the expected `api.bitagent.io` and `testnet-api.bitagent.io` endpoints for authentication and agent management. There is no evidence of data exfiltration to unauthorized destinations, malicious execution, persistence mechanisms, or obfuscation. All dependencies listed in `package.json` and `package-lock.json` are standard and relevant to blockchain interaction and the BitAgent SDK.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken prompt, wrong token address, wrong network, or autonomous invocation could create a token or trade real assets with the configured wallet.

Why it was flagged

The skill directs the agent to run commands that perform token deployment and trades, including on BSC Mainnet, but the instructions do not include explicit confirmation, transaction preview, or bounded spend controls.

Skill content

the agent must **execute** `scripts/index.ts` ... `launch` ... Deploys a new agent token ... `buy` ... Buys ... `sell` ... Sells

Recommendation

Require explicit user confirmation for every transaction, show wallet/network/token/amount/gas before signing, default to testnet, and add spend or slippage limits.

What this means

Anyone or anything that can invoke this skill with the configured environment may be able to act as the wallet for BitAgent-related transactions.

Why it was flagged

The script uses a raw wallet private key from the environment to create an account capable of signing blockchain/authentication actions.

Skill content

const privateKey = process.env.PRIVATE_KEY; ... const account = privateKeyToAccount(privateKey as `0x${string}`);

Recommendation

Use a dedicated low-balance wallet, declare the credential requirement in metadata, avoid storing a primary wallet private key, and prefer a scoped signer or approval-based wallet flow.

What this means

Installing or updating dependencies could change code that has access to the configured wallet key.

Why it was flagged

The CLI depends on external npm packages, including the BitAgent SDK. This is normal for the purpose, but dependency provenance matters because the code handles wallet authority.

Skill content

"dependencies": { "@bitagent/sdk": "^3.1.4", "dotenv": "^17.2.3", "siwe": "^3.0.0", "viem": "^2.45.1" }

Recommendation

Install from a trusted source, use the package-lock file, review dependency changes before updates, and avoid running unreviewed versions with a funded wallet.

What this means

Running the skill executes local package code that can access the wallet private key environment variable.

Why it was flagged

The skill intentionally runs local TypeScript CLI code through npm tooling. That execution is central to the stated purpose, but it means local code runs with access to the configured environment.

Skill content

Ensure dependencies are installed at repo root (`npm install`). ... `npx tsx scripts/index.ts buy --network <bsc|bscTestnet> ...`

Recommendation

Review the script and dependencies before use, run in an isolated environment, and only provide a dedicated wallet key when needed.