Bitaxe Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward miner status checker that contacts the Bitaxe address the user provides and can optionally save that address locally.

Install only if you are comfortable with a small third-party script reading BITAXE_IP, saving a miner IP under ~/.config/bitaxe-monitor, and contacting the HTTP address you configure. Use an IP for a device you control, preferably on your local network, and remove the config file if you no longer want the saved address.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documentation describes capabilities to read environment variables, read and write a user config file, and make HTTP requests, but it does not declare any permissions. This mismatch is a real security issue because users and policy engines cannot accurately assess or constrain the skill's access, and the network/file capabilities could be abused if the implementation is modified or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal