Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AIBTC Bitcoin Wallet

v1.26.0

Bitcoin L1 wallet for agents - check balances, send BTC, manage UTXOs. Extends to Stacks L2 (STX, DeFi) and Pillar smart wallets (sBTC yield).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill claims only instruction-level operation with no required env vars or binaries, but SKILL.md and the reference files repeatedly point to an npm package (@aibtc/mcp-server), a GitHub repo, and external services (aibtc.com, x402, Pillar), all of which normally require credentials and an install. Registry metadata lists no homepage/source, creating a mismatch between the claimed minimal footprint and the real external dependencies implied by the docs.
Instruction Scope
Runtime instructions tell the agent to create/import/unlock wallets (stored at ~/.aibtc/), sign messages, POST those signatures to https://aibtc.com endpoints, perform periodic 5-minute check-ins, probe/pay x402 endpoints, and run automatic recovery/resubmission flows. Those are networked, state-changing operations (including on-chain payments) and go beyond read-only helpers; they require explicit human review and clear user consent for payments and periodic network activity.
Install Mechanism
The registry lists no install spec, yet SKILL.md recommends running `npx @aibtc/mcp-server@latest --install` (and cloning a GitHub repo). That npx instruction would fetch and execute code from npm at runtime (moderate risk). The skill's registry entry does not declare or link the package/repo it recommends, increasing the risk that a user may unknowingly execute unreviewed code.
Credentials
Registry metadata declares no required environment variables or primary credential, but references/pillar-wallet.md lists PILLAR_API_URL and PILLAR_API_KEY, and other tools require wallet keys and on-chain funds (STX, sBTC). The skill's operations (payments, sBTC deposits, automatic inbox recovery) implicitly require secrets and funding access that are not declared in the registry metadata. This mismatch could mislead users about what they'll need to provide and what will be accessed.
Persistence & Privilege
always:false (good), but the skill describes autonomous behaviors: regular check-ins every 5 minutes, automatic chain polling for payment confirmation, and automated resubmission of messages. Because model invocation is allowed by default, those autonomous behaviors combined with on-chain payment capabilities increase blast radius if the agent runs without strict manual approval or budget limits.
What to consider before installing
Key things to consider before installing or running this skill:
- Source verification: the registry entry lacks a homepage/source even though the SKILL.md points to an npm package and GitHub repo. Verify the package (@aibtc/mcp-server) and repository contents manually on npmjs/github before running any npx or install commands.
- Do not run the recommended `npx ... --install` on a production system without code review. npx will fetch and execute code from npm; inspect the package and its install script first (run in a sandbox or offline VM).
- Expect to provide secrets and funds: the docs reference PILLAR_API_KEY, wallet mnemonics, and on-chain STX/sBTC/BTC operations. Treat any mnemonic or API key as highly sensitive and never paste it into unverified code or remote services.
- Test in sandbox/testnet only: before using with real funds, run everything on testnet and with small amounts to validate flows (especially deposits, sBTC bridging, and inbox payment/recovery).
- Watch automatic behaviors: the skill includes periodic check-ins, automatic chain polling, and recovery/resubmit logic that can continue network activity and potentially send funds. If you want to avoid autonomous payments, require manual approval for any transfer/execute operation and avoid enabling autoApprove or agent-autonomous invocation.
- Inspect local storage behavior: wallets are stored (encrypted) under ~/.aibtc/ according to the docs. Verify encryption implementation and back up your mnemonic securely. Ensure the skill won't write secrets to unexpected locations.
- If you decide to proceed: audit the referenced npm package and GitHub repo for install scripts, network endpoints, and payment code; confirm the aibtc/x402 endpoints are legitimate; and set agent-level budget/approval guards so payments cannot happen without explicit consent.

Given the mismatches between declared metadata and the skill's actual instructions (and the presence of on-chain payment flows), approach this skill cautiously — verify sources and code before trusting it with any real keys or funds.
