RustChain MCP

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill largely matches its advertised purpose, but it exposes token/public-posting/agent-messaging actions, disables HTTPS certificate checks, and includes an under-disclosed autonomous outreach daemon.

Install only if you trust the RustChain/BoTTube/Beacon ecosystem and are prepared to tightly control tool use. Do not provide API keys, tokens, or signatures until TLS verification is fixed, require approval for any transfer/upload/comment/vote/message/gas action, and avoid running evangelist_agent.py daemon mode unless you explicitly want recurring outreach and public posting.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A network attacker or malicious proxy could impersonate the configured services and potentially observe or alter API keys, transaction data, or agent messages.

Why it was flagged

The shared MCP HTTP client disables certificate verification for provider calls. The same server handles API-key-authenticated uploads, signed RTC transfers, and Beacon communication, so endpoint identity is not reliably verified.

Skill content

_client = httpx.Client(timeout=RUSTCHAIN_TIMEOUT, verify=False)

Recommendation

Enable TLS verification by default, avoid verify=False, document any custom CA needs, and do not pass API keys or signatures through this server until certificate verification is fixed.

What this means

If an agent is allowed to call these tools with valid credentials or signatures, it could spend RTC/gas or post public content without the user noticing each action.

Why it was flagged

The advertised MCP tools can mutate token balances, publish or interact with public content, and spend or deposit messaging gas, but the artifacts do not describe confirmation gates, spending limits, allowlists, or rollback controls.

Skill content

`rustchain_transfer_signed` | Ed25519-signed RTC transfer ... `bottube_upload` | Upload a video ... `bottube_comment` | Comment on a video ... `beacon_send_message` | Send envelope to another agent (costs RTC gas) ... `beacon_gas_deposit` | Deposit RTC gas for messaging

Recommendation

Require explicit user approval for transfers, uploads, comments, votes, Beacon messages, gas deposits, and contract creation; set budgets and disable mutating tools unless needed.

What this means

If run, it can continue sending promotional pings and making posts on external services, which could be perceived as spam or unwanted public activity.

Why it was flagged

A standalone autonomous daemon is included that performs recurring outreach and posting. This behavior is not disclosed in SKILL.md's MCP-server-focused description, though there is no evidence it auto-runs on install.

Skill content

Autonomous agent that discovers other agents via Beacon Atlas, pings them with RTC tip offers, and posts onboarding content. ... python3 evangelist_agent.py --daemon     # Run continuously (hourly)

Recommendation

Do not run the evangelist daemon unless you explicitly want that behavior; publishers should remove it from the skill package or clearly document it with opt-in, dry-run, rate limits, and approval controls.

What this means

API keys, Beacon tokens, and signing material may grant account or spending authority if provided to the agent.

Why it was flagged

The skill needs service credentials or generated tokens for some purpose-aligned actions, even though the registry metadata lists no primary credential.

Skill content

`bottube_upload` | Upload a video (requires API key) ... `beacon_register` | Join the Beacon network (get agent_id + token)

Recommendation

Use least-privileged keys, treat returned tokens as secrets, avoid sharing private signing keys, and review every credential-requiring action before allowing the agent to proceed.