Crypto Sniper Bot
Security checks across malware telemetry and agentic risk
Overview
This high-risk crypto trading bot asks for wallet control, but the provided code has weak API authentication and security claims that do not match the implementation.
Do not connect a real or high-balance wallet to this bot as provided. If you test it, use an isolated machine, bind the API to localhost only, use a dedicated low-balance wallet, remove the test_signature bypass, verify private-key encryption and redaction, rotate/remove the exposed SkillPay key, and review the full trading/config/payment code before allowing autonomous trades.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach the service and knows the public test header could call endpoints that configure the bot, start trading, stop it, read history, or change notification settings.
All high-impact API endpoints are protected by middleware that accepts a fixed test string instead of verifying a real payment or user authorization.
if (paymentHeader === 'test_signature') {
  return next();
}
Do not run this service on a reachable network until real authentication, real SkillPay verification, localhost binding or firewalling, rate limits, and authorization checks are implemented.
A wallet private key grants full control of that wallet’s funds; if the API, config file, logs, or response are exposed, funds could be at risk.
The configure endpoint accepts a raw wallet private key, persists it through the config manager, and returns the current config without visible redaction at this endpoint.
if (walletPrivateKey) updates.walletPrivateKey = walletPrivateKey; ... config: configManager.getConfig()
Use only a dedicated low-balance test wallet, require local-only access, redact private keys from all responses, prove/enforce encrypted storage, and prefer wallet signing flows over storing raw private keys.
Users may trust the bot with funds because of security promises that are not supported by the provided implementation.
These security claims are materially weakened by the visible code: /configure accepts walletPrivateKey over the API, the endpoint returns config data, and payment verification accepts a hard-coded test signature.
Private Key Storage: Keys stored locally in encrypted config ... Payment Verification: All API calls require SkillPay signature ... No Key Transmission: Private keys never sent over network
Treat the security section as unverified until the implementation is corrected and independently reviewed; update the documentation to match actual behavior.
A shared or leaked payment/API key can blur billing and authorization boundaries and may stop working or be abused outside the user’s control.
A secret-looking SkillPay API key is embedded directly in public skill metadata instead of being supplied as a private user-specific environment value.
"apiKey": "sk_e390b52cb259fc4f4aa1489547a48375d72876acdee75de57101d9e0e833fcb7"
Remove hard-coded API keys from public artifacts, rotate the exposed key, and require users/operators to provide their own credentials through secure environment configuration.
The bot may keep buying and selling while funds remain available unless the user stops it and monitors it closely.
The skill is explicitly designed to run continuously and take autonomous trading actions on a schedule.
24/7 automated token sniper bot ... Token monitoring: Every 30 seconds ... Position checking: Every 60 seconds
Use strict spend limits, a dedicated wallet, small balances, explicit start/stop procedures, and monitoring before allowing continuous operation.
Telegram, Discord, or email recipients and providers may learn details about the user’s trades and wallet activity.
Trading results, transaction hashes, token addresses, and P&L are sent to configured external notification channels.
P&L: ${profitLoss.toFixed(2)}%\nTX: ${txHash} ... await this.sendToAll(message);
Configure only trusted notification channels and avoid sending alerts to shared or public webhooks.
Users have less assurance about where the code came from and how it should be safely installed or operated.
The skill has a provenance gap and no install specification despite shipping a runnable Node.js application for high-impact financial automation.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the complete source, package lock, and deployment instructions before installing; prefer audited, version-pinned, reproducible releases for wallet-connected software.
