AGENT LAB: SKILLS

erc-8004

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Obfuscated File (HIGH)
scripts/register-http.sh

Not overtly malicious, but contains a critical code-injection vulnerability: REGISTRATION_URL is interpolated directly into node -e JavaScript without escaping, enabling arbitrary JavaScript execution if an attacker controls REGISTRATION_URL. Combined with the use of an external, unverified bankr CLI, this results in a meaningful supply-chain and execution risk. Fix by removing the direct interpolation (pass the value through an environment variable or file input instead), validating/sanitizing REGISTRATION_URL, and verifying bankr binary integrity before use.

Confidence: 98%

Audit Metadata
Analyzed At: Feb 15, 2026, 08:19 PM
Package URL: pkg:socket/skills-sh/bankrbot%2Fopenclaw-skills%2Ferc-8004%2F@07dafe2ca632a25a9ed4b058be24490b4afaef89