Bittensor SDK
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Bittensor skill, but it enables mainnet wallet and staking actions that can affect funds without clear confirmation or scope guardrails.
Install only if you intend to let the agent help with Bittensor operations. Keep wallets locked by default, use a dedicated low-balance wallet or testnet first, verify every transaction before signing, and pin/verify the Bittensor Python package.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent follows these instructions with access to an unlocked wallet, it could submit blockchain transactions that affect funds, registrations, or validator behavior.
The skill documents direct transaction-producing operations for staking TAO, registering neurons, and setting validator weights, including examples connected to `network="finney"` mainnet, without explicit user-confirmation or transaction-review requirements.
result = subtensor.add_stake(... amount=amount, safe_staking=True ...); result = subtensor.register(...); result = subtensor.set_weights(...)
Require explicit user approval for every transaction, including network, wallet, destination hotkey, amount, fees, and expected effect; default to testnet or read-only queries unless the user asks for a signed transaction.
A local wallet or proxy relationship could give the agent power to act on behalf of the user’s Bittensor account, potentially affecting tokens or account control.
Coldkey/hotkey and proxy operations are delegated account authority over a user's blockchain wallet, but the artifacts do not clearly bound which wallet/config is used or require explicit approval before using that authority.
- **Wallet Management**: Coldkey/hotkey operations, proxy relationships
Declare the wallet/config paths and credential expectations, use least-privilege hotkeys where possible, and require user confirmation before unlocking wallets, signing transactions, or creating proxies.
Installing a floating dependency could pull in a newer or compromised package version in the future.
The skill relies on an external Python package installed manually with a minimum version rather than a pinned, reviewed dependency. This is expected for an SDK skill, but users should verify the package source and version.
pip install bittensor>=8.0.0
Install from the official Bittensor package source, pin a known-good version, and use a dedicated virtual environment.
