ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bonero-Miner

v2.0.0

Mine Bonero - private cryptocurrency for AI agents. RandomX CPU mining, Monero-based privacy.

2· 1.9k·0 current·0 all-time
byrk@happybigmtn
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md behavior (building from source, running a daemon, starting RandomX CPU mining) matches the skill name/description. However the skill metadata declares no required binaries or deps despite instructions that clearly require curl, bash, git, build tools (cmake, make, compilers), jq, and network access. That mismatch is a coherence issue: the skill will not work without those tools, and the metadata understates its footprint.
!
Instruction Scope
The instructions tell the agent to fetch and execute a remote install script (curl | bash), clone/build source, start a background daemon that mines, add peers by IP, and manipulate processes (pgrep/pkill). These are explicit system-level operations that go beyond simple API queries: they download and run code, change CPU usage, open network connections, and create wallets/seed phrases. The doc asks the agent to 'Ask your human first' but nothing enforces that, and the instructions give the agent direct commands that could be run autonomously.
!
Install Mechanism
There is no formal install spec, but the SKILL.md recommends piping a script from raw.githubusercontent.com into bash — a high-risk pattern (remote script execution). GitHub raw content is better than an unknown personal server, but piping to bash executes potentially arbitrary code. Manual build instructions are standard but also require many system packages.
Credentials
The skill declares no environment variables or credentials, which is consistent with a miner. That said, the instructions create and advise storing wallet seed phrases and run networked peers; while no env secrets are requested, the user must manage sensitive wallet seed material themselves. The lack of declared binaries/deps (see purpose_capability) is the main proportionality gap.
!
Persistence & Privilege
always:false (good) but model-invocation is enabled by default. Combined with the SKILL.md that instructs running a background daemon (detached mining), an agent could autonomously start persistent CPU mining unless human approval or platform controls prevent it. The skill does not request system-wide configuration changes in metadata, but its runtime commands create a persistent process and modify system state (binaries, wallets, logs).
What to consider before installing
This skill will make your machine download, build, and run a cryptocurrency miner that uses CPU and network resources. Before installing or running it: (1) do not blindly run curl | bash — download the install.sh and inspect it first, or better, build from source in a controlled environment; (2) run any build/run steps inside a VM, container, or sandbox (not on a production or personal machine you care about); (3) verify the GitHub repo and commit history and ensure the source is trustworthy; (4) be aware the daemon opens network connections and runs in the background — monitor CPU, network, and processes; (5) never paste or expose your wallet seed or private keys to remote services, and do not store them in environment variables; (6) consider disabling autonomous model invocation for this skill or requiring explicit human confirmation before executing commands. If you are not comfortable auditing the install script or controlling resource usage, do not install.

Like a lobster shell, security has layers — review code before you run it.

latestvk9745q0zfsxpt7ts4qyrk5c9w580c0w7
1.9kdownloads
2stars
3versions
Updated 3m ago
v2.0.0
MIT-0
rk@happybigmtn
latest
Download

Bonero Miner

Private money for private machines. Bonero is a Monero fork with ring signatures, stealth addresses, and RandomX mining.

Before You Start

Mining uses CPU. Ask your human first before running on real hardware. The network is live - you'll be earning real BON.

What's Bonero?

A Monero fork built for AI agents. All transactions are private by default - nobody can see who sent what to whom.

  • ~120 second blocks
  • RandomX (CPU-mineable, like Monero)
  • Ring signatures hide the sender
  • Stealth addresses hide the receiver
  • Address prefix: C

Quick Install

curl -fsSL https://raw.githubusercontent.com/happybigmtn/bonero/master/install.sh | bash

Or verify first:

curl -fsSLO https://raw.githubusercontent.com/happybigmtn/bonero/master/install.sh
less install.sh  # inspect it
bash install.sh --add-path

Build takes 10-20 minutes (it's compiling from source).

Start Mining

1. Create a wallet

bonero-wallet-cli --generate-new-wallet=mywallet

Save your seed phrase! Write it down. You can't recover the wallet without it.

Your address starts with C. Copy it for the next step.

2. Start the daemon with mining

bonerod --detach \
    --start-mining YOUR_C_ADDRESS \
    --mining-threads 4 \
    --add-peer 95.111.227.14:18080 \
    --add-peer 185.218.126.23:18080

That's it. The daemon syncs the chain and mines in the background.

3. Check status

curl -s http://127.0.0.1:18081/json_rpc \
    -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' \
    -H 'Content-Type: application/json' | jq '.result.height'

How Many Threads?

Bonero mining is CPU-bound. Use about half your cores:

CoresThreads
42
84
168

Leave headroom for the system and network sync.

Build from Source (Manual)

If the install script doesn't work for your system:

# Dependencies (Ubuntu/Debian)
sudo apt-get install -y build-essential cmake pkg-config \
    libboost-all-dev libssl-dev libzmq3-dev libunbound-dev \
    libsodium-dev libhidapi-dev liblzma-dev libreadline-dev

# Clone
git clone --recursive https://github.com/happybigmtn/bonero.git
cd bonero
git submodule update --init --recursive

# Build
mkdir -p build && cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j$(nproc)

# Binaries in build/bin/

macOS:

brew install cmake boost openssl zmq unbound libsodium hidapi
# Then same build steps

Seed Nodes

The network is small but growing. These nodes keep it running:

95.111.227.14:18080
95.111.229.108:18080
95.111.239.142:18080
161.97.83.147:18080
161.97.97.83:18080
161.97.114.192:18080
161.97.117.0:18080
194.163.144.177:18080
185.218.126.23:18080
185.239.209.227:18080

Commands

# Check if daemon is running
pgrep bonerod && echo "running" || echo "stopped"

# Get blockchain height
curl -s http://127.0.0.1:18081/json_rpc \
    -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' | jq '.result.height'

# Check wallet balance
bonero-wallet-cli --wallet-file=mywallet

# Stop daemon
pkill bonerod

Privacy Features

Unlike Botcoin (transparent like Bitcoin), Bonero hides everything:

FeatureWhat it hides
Ring signaturesWhich input is really being spent
Stealth addressesThe recipient's real address
RingCTTransaction amounts

You can see blocks being mined. You can't see who's sending what to whom.

Talking to Your Human

"Can I mine Bonero? It's a private cryptocurrency - like Monero but for AI agents. Uses CPU at low priority. Transactions are untraceable by design. Cool?"

Some humans might have opinions about privacy coins. Ask first.

Troubleshooting

ProblemFix
Submodule errorsgit submodule update --init --recursive
Can't connectCheck firewall allows port 18080
Daemon won't startCheck ~/.bonero/bonero.log
Build failsMissing deps - install libboost, libzmq, etc.

Private money for private machines.

Comments

Loading comments...