AIBTC Bitcoin Wallet

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Bitcoin wallet skill, but it gives an agent broad authority over keys, funds, DeFi actions, paid APIs, and persistent identity records without enough consistent approval and safety guidance.

Install only if you intentionally want an agent-controlled crypto wallet. Pin and audit the MCP server package before use, start on testnet or with a low-balance dedicated wallet, avoid importing valuable seed phrases, protect `PILLAR_API_KEY` as signing authority, keep wallets locked by default, and require explicit approval for every transfer, contract write/deploy, DeFi action, inscription, identity registration, and paid API call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Severity: Medium
Confidence: 68%
Finding
The workflow enables arbitrary on-chain content publication and retrieval, which can be abused to store illegal, harmful, or policy-violating material permanently on Bitcoin. In an agent-wallet context, exposing generic publishing functionality without clear constraints, moderation, or policy gates increases misuse risk and could cause irreversible financial and compliance harm.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding
The skill exposes direct BTC transfer functionality but does not prominently warn that blockchain transfers are irreversible and can permanently affect user funds if the recipient or amount is wrong. In a wallet skill, omission of clear asset-risk and confirmation guidance increases the chance an agent or user initiates a harmful transaction through misunderstanding or unsafe automation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The instructions tell users to publicly post an agent identity claim that includes both a Bitcoin address and a claim code, but provide no warning about privacy, linkability, or impersonation risk. In a wallet/identity lifecycle, encouraging public disclosure of correlating identifiers can permanently tie an agent wallet to a public social profile and expose operators to tracking, profiling, and social-engineering attacks.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The on-chain identity step instructs the agent to register Bitcoin and Stacks addresses to a smart contract without warning that this creates a permanent, public, and hard-to-reverse identity record. In a wallet skill, omission of this warning is security-relevant because it can cause users to irreversibly deanonymize wallets and create durable cross-chain identity linkage they did not intend.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The instructions describe broadcasting commit transactions and later reveal transactions without a prominent warning that these actions are irreversible, spend real BTC, and permanently publish data. In a wallet skill, insufficient risk disclosure can lead users or agents to commit funds and content they did not intend to make permanent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
Telling users to run wallet_unlock with a password without a credential-handling warning can encourage unsafe practices such as pasting secrets into chat, logs, or agent memory. In an agent environment, credential exposure can directly compromise wallet control and lead to theft of funds.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document describes irreversible fund transfers, wallet funding, and leveraged DeFi actions such as boost/unwind without prominent warnings about transaction finality, liquidation risk, slippage, address validation, or operator responsibility. In an agent-facing skill, omission of these warnings increases the chance that users or autonomous agents will execute financially harmful actions without adequate confirmation or risk awareness.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill explicitly recommends headless agent mode and states that keys auto-unlock using a password derived from PILLAR_API_KEY, but provides no warning that this credential effectively grants autonomous signing authority. If the API key is exposed, mishandled, or over-scoped, an attacker or misbehaving agent could unlock signing capability and perform unauthorized wallet and DeFi operations.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The document introduces asset transfers and other financially irreversible actions without an upfront warning that these operations can spend funds, incur fees, or be unrecoverable if misused. In an agent skill context, example prompts strongly shape behavior, so omitting prominent risk/confirmation guidance can increase the chance of unsafe execution by users or downstream agents.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The troubleshooting guide instructs users to create or import a wallet from a mnemonic without any warning that these actions involve highly sensitive secrets and can lead to irreversible loss if mishandled. In a wallet skill, normalizing such actions as casual troubleshooting steps increases the chance an agent or user will expose seed phrases, create unintended wallets, or proceed without understanding custody and recovery implications.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The document recommends creating a Pillar wallet as troubleshooting guidance while noting that the tool generates a signing key, deploys a wallet, and registers a pubkey, but it does not present this as a security-sensitive and potentially irreversible operation. In the context of an agent-controlled crypto wallet, this can mislead users into initiating key generation and on-chain actions without understanding custody, authorization, costs, or persistence of the resulting state.

VirusTotal

63/63 vendors flagged this skill as clean.