litcoin-miner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and encourages embedding API keys (bankr_key, ai_key) directly in code examples and requires supplying those keys to initialize the Agent, which would lead an LLM to include secret values verbatim in generated code or commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill content contains multiple intentional features that enable credential exposure and remote control (Bankr API key reuse, automatic relay serving using a user's AI key, admin override/stop tokens, upgradeable smart contracts), plus public archival of submitted code and chain-of-thought — all of which can be (and appear to be designed to be) misused to exfiltrate keys, run/route others' workloads, or remotely control/drain funds, so the overall risk is high.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mining and research workflows explicitly fetch and act on public coordinator content (e.g., GET /v1/challenge for comprehension mining and GET/POST /v1/research/task, /v1/research/submissions for research mining) — these are open, user/AI-generated tasks and archived submissions that the agent reads and uses to generate, test, and submit code, so untrusted third‑party content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and running remote code at runtime — e.g., "curl -O https://litcoiin.xyz/litcoin_miner.py" followed by "python litcoin_miner.py", and running "npx litcoin-mcp" which pulls and executes an npm package — both are runtime downloads that execute remote code and are required options in the quick-start, so they meet the criteria for risky external dependencies.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto/DeFi SDK and contains concrete transaction-level functions for moving value: it requires a Bankr API key with agent write access, targets Base mainnet (chain 8453) and a specific token address, and exposes on-chain operations such as claim(), faucet(), stake()/unstake()/early_unstake(), open_vault()/open_vault_v2(), mint_litcredit(), repay_debt(), add_collateral(), close_vault(), deposit_escrow(), join_guild(guild_id, amount) and other functions that deposit, withdraw, stake, mint, or otherwise transfer/manage tokens. These are specific cryptocurrency and DeFi actions (signing/sending transactions, managing vaults and collateral, minting a stablecoin), not generic tooling. Therefore it grants direct financial execution authority.