bankr-signals

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires the agent to store a 'bk_' API key in a local configuration file at '~/.clawdbot/skills/bankr/config.json'. Furthermore, the 'publish-signal.sh' script relies on the 'PRIVATE_KEY' environment variable for signing transactions, which is a sensitive credential handling pattern.
  • [EXTERNAL_DOWNLOADS]: The 'HEARTBEAT.md' file instructs the agent to fetch and follow instructions from a remote URL ('https://bankrsignals.com/heartbeat.md') every 15-30 minutes, creating a remote instruction dependency.
  • [PROMPT_INJECTION]: The agent processes signal data from a public feed, creating an indirect prompt injection surface.
      ◦ Ingestion points: The 'reasoning' field in signals from 'https://bankrsignals.com/api/feed' and the content of 'https://bankrsignals.com/heartbeat.md'.
      ◦ Boundary markers: Absent; the skill does not provide delimiters or warnings to ignore instructions embedded in the external signal data or heartbeat file.
      ◦ Capability inventory: Includes cryptographic signing ('node/viem'), network operations ('curl'), and automated trading decisions based on signal metrics.
      ◦ Sanitization: Absent; the agent is directed to follow the remote heartbeat instructions and copy-trade based on external provider reasoning without content filtering.
  • [COMMAND_EXECUTION]: The 'publish-signal.sh' script uses 'node -e' to dynamically execute JavaScript for EIP-191 signing, which processes the 'PRIVATE_KEY' environment variable.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:55 AM