v0.1.0

risk art agent

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:18 AM.

Analysis

This is a disclosed Bankr crypto/LLM integration, but it can control real wallet funds, submit raw blockchain transactions, create persistent trading automations, and route model traffic through Bankr, so it needs careful review before use.

Guidance: Install only if you intentionally want a Bankr agent with financial authority. Start with read-only access, use a separate low-balance wallet, verify every trade or raw transaction before submitting, regularly review active automations, and use a separate LLM-only key if enabling the gateway.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
references/arbitrary-transaction.md
Submit raw EVM transactions with explicit calldata to any supported chain ... Call any function on any contract

The skill documents a raw transaction escape-hatch that can execute arbitrary contract calls rather than only constrained, purpose-specific workflows.

User impact: Incorrect or malicious calldata can transfer assets, approve spenders, interact with hostile contracts, or otherwise cause irreversible blockchain losses.
Recommendation: Avoid raw transaction submission unless you can independently verify the target address, calldata, value, and chain; test with tiny amounts and never submit calldata from an untrusted source.

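The recommendation above is a checklist (chain, target, value, calldata, calldata provenance). The following is an added example of turning that checklist into a pre-submission gate; it is not code from the ClawScan verdict or from the Bankr skill. The transaction dict shape, the policy allowlists, the spend caps and the `calldata_source` field are assumptions chosen for illustration. The two ERC-20 selectors (`approve` = 0x095ea7b3, `transfer` = 0xa9059cbb) are the standard ones, and the decoder shows the one check most worth doing on opaque calldata: catching an unlimited approval.

```python
"""Pre-submission checks for a raw EVM transaction before it reaches a wallet tool.

Added example, not part of the ClawScan verdict or the Bankr skill. The tx dict
layout, the POLICY contents and the "calldata_source" field are assumptions.
"""
from __future__ import annotations

import re
from typing import Any

# First 4 bytes of keccak256 of the ERC-20 function signatures.
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256)
TRANSFER_SELECTOR = "a9059cbb"  # transfer(address,uint256)
UINT256_MAX = (1 << 256) - 1
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Assumed operator policy: only reviewed chains/contracts, small value cap (wei),
# bounded approvals. Addresses are placeholders, not real contracts.
POLICY: dict[str, Any] = {
    "allowed_chain_ids": {8453},
    "allowed_targets": {"0x1111111111111111111111111111111111111111"},
    "allowed_spenders": {"0x3333333333333333333333333333333333333333"},
    "allowed_recipients": {"0x4444444444444444444444444444444444444444"},
    "max_value_wei": 10**16,          # 0.01 ETH
    "max_approve_amount": 10**21,     # 1000 tokens at 18 decimals
}


def encode_erc20_call(function: str, address: str, amount: int) -> str:
    """Build approve/transfer calldata: selector + two ABI-padded 32-byte words."""
    selector = APPROVE_SELECTOR if function == "approve" else TRANSFER_SELECTOR
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(amount, "064x")


def decode_erc20_call(data: str) -> dict[str, Any] | None:
    """Decode approve/transfer calldata; None for any other selector or shape."""
    body = data[2:] if data.startswith("0x") else data
    if len(body) != 8 + 64 * 2 or not re.fullmatch(r"[0-9a-fA-F]*", body):
        return None
    selector = body[:8].lower()
    if selector not in (APPROVE_SELECTOR, TRANSFER_SELECTOR):
        return None
    # The address occupies the low 20 bytes of the first 32-byte word.
    return {
        "function": "approve" if selector == APPROVE_SELECTOR else "transfer",
        "address": ("0x" + body[32:72]).lower(),
        "amount": int(body[72:136], 16),
    }


def check_raw_tx(tx: dict[str, Any], policy: dict[str, Any] = POLICY) -> list[str]:
    """Return every reason to refuse the transaction; an empty list means it passes."""
    problems: list[str] = []
    if tx.get("chain_id") not in policy["allowed_chain_ids"]:
        problems.append(f"chain {tx.get('chain_id')} is not a reviewed chain")
    to = str(tx.get("to", ""))
    if not ADDRESS_RE.match(to):
        problems.append("target is not a well-formed 20-byte address")
    elif to.lower() not in policy["allowed_targets"]:
        problems.append(f"target {to} is not allowlisted")
    value = int(tx.get("value", 0))
    if value > policy["max_value_wei"]:
        problems.append(f"value {value} wei exceeds cap {policy['max_value_wei']}")
    if tx.get("calldata_source") != "operator":
        problems.append("calldata did not come from the operator; refuse untrusted calldata")
    data = str(tx.get("data", "0x"))
    body = data[2:] if data.startswith("0x") else data
    if len(body) % 2 or not re.fullmatch(r"[0-9a-fA-F]*", body):
        problems.append("calldata is not valid hex")
        return problems
    call = decode_erc20_call(data)
    if call is None:
        if body:
            problems.append(f"unrecognised selector 0x{body[:8]}; decode it before submitting")
        return problems
    if call["function"] == "approve":
        if call["amount"] == UINT256_MAX:
            problems.append("unlimited approve(): spender could drain the whole token balance")
        elif call["amount"] > policy["max_approve_amount"]:
            problems.append("approve amount exceeds policy cap")
        if call["address"] not in policy["allowed_spenders"]:
            problems.append(f"spender {call['address']} is not allowlisted")
    elif call["address"] not in policy["allowed_recipients"]:
        problems.append(f"transfer recipient {call['address']} is not allowlisted")
    return problems


# Constructed samples: an unlimited approval pasted from chat on an unreviewed chain,
# and a bounded approval to an allowlisted spender on the reviewed chain.
SAMPLE_UNSAFE_TX = {
    "chain_id": 1,
    "to": "0x1111111111111111111111111111111111111111",
    "value": 5 * 10**16,
    "data": encode_erc20_call("approve", "0x2222222222222222222222222222222222222222", UINT256_MAX),
    "calldata_source": "pasted-from-chat",
}
SAMPLE_SAFE_TX = {
    "chain_id": 8453,
    "to": "0x1111111111111111111111111111111111111111",
    "value": 0,
    "data": encode_erc20_call("approve", "0x3333333333333333333333333333333333333333", 10**20),
    "calldata_source": "operator",
}

if __name__ == "__main__":
    for name, tx in (("unsafe", SAMPLE_UNSAFE_TX), ("safe", SAMPLE_SAFE_TX)):
        print(name, check_raw_tx(tx) or "OK")
```

Anything with an unrecognised selector is refused rather than guessed at: a gate like this should fail closed, and the operator decodes the call against the target's ABI before allowlisting it. The `calldata_source` check is the mechanical form of "never submit calldata from an untrusted source": calldata that arrived in a prompt or a pasted message never gets past the gate.
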
Rogue Agents
Severity: High | Confidence: High | Status: Concern
references/automation.md
Set up automated orders and scheduled trading strategies ... Scheduled Commands: Run any Bankr command on a schedule.

The automation feature can create persistent scheduled actions, including broad scheduled Bankr commands, that continue beyond the immediate user prompt.

User impact: Automations such as DCA, TWAP, stop-losses, limit orders, or scheduled commands may keep trading or checking accounts later, potentially under changed market conditions.
Recommendation: Create automations only with explicit amounts, limits, and review dates; periodically list active automations and cancel anything stale or unclear.

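The periodic review the recommendation asks for can be scripted against whatever the automation list returns. Below is an added example of such a review pass; it is not code from the ClawScan verdict or the Bankr skill, and since the page does not show Bankr's real automation list format, the record fields (`amount`, `max_total`, `review_by`, `type`) are assumptions. The sample records are constructed, and the review date is the date of the analysis on this page.

```python
"""Flag active automations that lack an explicit amount, a spend limit or a
review date, that are past their review date, or that are open-ended
scheduled commands.

Added example, not from the ClawScan verdict or the Bankr skill. The record
fields are an assumed shape; the sample list below is constructed.
"""
from __future__ import annotations

from datetime import date

# Constructed stand-in for the output of a "list automations" call.
SAMPLE_AUTOMATIONS = [
    {"id": "dca-1", "type": "dca", "amount": "25 USDC per day",
     "max_total": "500 USDC", "review_by": "2026-06-01"},
    {"id": "stop-2", "type": "stop_loss", "amount": "0.5 ETH",
     "max_total": "0.5 ETH", "review_by": "2026-04-01"},
    {"id": "sched-3", "type": "scheduled_command",
     "command": "swap 100 USDC to ETH every Monday"},
    {"id": "limit-4", "type": "limit_order", "amount": "0.1 ETH",
     "review_by": "2026-05-15"},
]


def review_automations(automations: list[dict], today: date) -> dict[str, list[str]]:
    """Map each automation id that needs attention to the reasons it was flagged."""
    flagged: dict[str, list[str]] = {}
    for auto in automations:
        reasons: list[str] = []
        if not auto.get("amount"):
            reasons.append("no explicit amount")
        if not auto.get("max_total"):
            reasons.append("no total spend limit")
        review_by = auto.get("review_by")
        if review_by is None:
            reasons.append("no review date")
        elif date.fromisoformat(review_by) < today:
            reasons.append(f"review date {review_by} has passed")
        if auto.get("type") == "scheduled_command":
            # Matches the "Run any Bankr command on a schedule" capability the
            # finding quotes: broad by construction, so always re-confirm it.
            reasons.append("scheduled command can run any Bankr command; re-confirm or cancel")
        if reasons:
            flagged[auto["id"]] = reasons
    return flagged


if __name__ == "__main__":
    for auto_id, reasons in review_automations(SAMPLE_AUTOMATIONS, date(2026, 5, 1)).items():
        print(auto_id, "->", "; ".join(reasons))
```

Run this on a schedule of its own (or before every session that grants read-write access) and treat any flagged id as a cancel-unless-reconfirmed item; an automation with no review date never leaves the flagged set, which is the intended behaviour.
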
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
bun install -g @bankr/cli ... npm install -g @bankr/cli

The skill depends on a globally installed external CLI package. That is central to the stated purpose, but it means users are trusting code outside the instruction-only skill artifact.

User impact: The actual wallet/API behavior depends on the installed `@bankr/cli` package, not just the reviewed skill text.
Recommendation: Install only from the official package source, keep the CLI updated, and review the package provenance before giving it read-write wallet access.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
`--read-write` — enables swaps, transfers, orders, token launches, leverage, Polymarket bets. **Without this flag, the key is read-only**

A Bankr API key can be upgraded from read-only to authority over trades, transfers, token launches, leverage, and betting, which are high-impact financial/account actions.

User impact: A read-write key could let the agent move funds, place trades, open risky positions, or perform other irreversible wallet actions.
Recommendation: Use a read-only key by default, create a separate low-balance wallet for automation, enable read-write only when needed, and revoke or rotate keys if you no longer trust the setup.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
references/llm-gateway.md
Auto-install the Bankr provider into `~/.openclaw/openclaw.json` ... This writes the following provider config (with your key and all available models)

The LLM gateway setup can place a Bankr key into local agent configuration and make Bankr an LLM provider for future model calls.

User impact: Prompts, code context, or other model traffic may be routed through Bankr's LLM gateway, and the same Bankr key may be reused unless a separate LLM key is configured.
Recommendation: Use a separate LLM-only key when possible, understand what data will be sent to the gateway, and do not route sensitive prompts through it unless you accept that data flow.