Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BORT Agent (BAP-578)
v1.0.0Interact with BORT AI agents on BNB Chain via BAP-578. Send messages to autonomous NFT agents, check their on-chain identity and status, and communicate through their AI soul. Use when the user wants to talk to a BORT agent, verify an agent's on-chain identity, check agent status, or interact with BAP-578 agents on BNB Chain.
⭐ 0· 1.4k·0 current·0 all-time
by@tsu-j
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The scripts and SKILL.md implement the advertised features (send messages to agents via a WebAPI connector, check runtime health, and query on-chain agent state). The contract addresses and WebAPI endpoints in the docs match the stated BNB Chain/BAP-578 purpose. However, the manifest declares no required environment variables or binaries even though the runtime instructions and scripts rely on BORT_RUNTIME_URL, BNB_RPC_URL, curl, and python3 (and optionally cast). This mismatch is unexpected.
Instruction Scope
The SKILL.md and included scripts instruct the agent to POST messages to a user-configurable WebAPI endpoint and to call an RPC node for on-chain reads. They do not attempt to read unrelated local files or secrets, nor do they exfiltrate data to hard-coded third-party endpoints. The concern is that the runtime uses environment variables that are not declared in the manifest (BORT_RUNTIME_URL, BNB_RPC_URL) and will make network requests to whatever endpoint is supplied — if that endpoint is untrusted it could receive message contents and metadata. The instructions also default to public RPC and localhost which is reasonable, but the omission in manifest is scope-creep risk.
Install Mechanism
This is an instruction-only skill (no install spec). No third-party packages or downloads are performed by an installer. The risk surface is limited to the included scripts being executed at runtime.
Credentials
The skill does not declare required environment variables or credentials in the manifest, yet the scripts expect BORT_RUNTIME_URL (WebAPI connector) and BNB_RPC_URL (RPC). No secrets/keys are requested, which is appropriate for read-only blockchain calls and local WebAPI interaction. However, because the skill will POST message payloads (including message text and metadata) to BORT_RUNTIME_URL, users must ensure that URL is trusted — otherwise message contents could be sent to an attacker-controlled endpoint. The lack of manifested env var requirements is an inconsistency that reduces transparency.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide settings. It is user-invocable and may run autonomously per platform defaults, which is normal. The scripts do not persist credentials or install background services.
What to consider before installing
This skill generally does what it claims (send messages to BORT agents, check runtime health, and read on-chain agent state) and the source includes the scripts so you can inspect them. However, the package metadata does not list the environment variables or binaries the scripts actually require. Before installing or running: 1) Review and set BORT_RUNTIME_URL and BNB_RPC_URL yourself (do not point BORT_RUNTIME_URL to an untrusted server). 2) Ensure curl and python3 are available on the host (cast is optional). 3) Inspect the included scripts (they are small and readable) to confirm behavior — they POST message payloads to the configured runtime and perform eth_call reads to the provided RPC. 4) Do not provide private keys or other secrets to this skill; it does not need wallet private keys for the advertised read operations. 5) Because the skill's origin/homepage is missing, prefer running it in an isolated environment (or container) until you are comfortable with its provenance. The main issue is an information/manifest inconsistency rather than obviously malicious code.Like a lobster shell, security has layers — review code before you run it.
latestvk9707f3xhwq8rmj3bhk0tma4j980gm05
License
MIT-0
Free to use, modify, and redistribute. No attribution required.