agenticbets
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The script
scripts/agenticbets.pyreads the user's Bankr API key from the local configuration file at~/.bankr/config.json(or the path specified byBANKR_CONFIG). This is a necessary operation for authenticating requests to the Bankr Wallet API but involves accessing sensitive credential data. - [COMMAND_EXECUTION]: The skill provides a Python script that constructs and submits blockchain transactions (approvals, bets, and claims). While these are the intended functions of the skill, it involves the execution of sensitive financial operations that should be confirmed by the user.
- [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of the
@bankr/clipackage via npm or bun to manage API keys and wallet interactions. - [DATA_EXFILTRATION]: The skill ingests market data from the external API endpoint
https://agenticbets.dev/api/bankr/markets. This data (token addresses, symbols, and pool stats) is used to parameterize the blockchain transactions submitted by the agent. - Ingestion points:
fetch_markets()function inscripts/agenticbets.pyreads fromhttps://agenticbets.dev/api/bankr/markets. - Boundary markers: No explicit markers or warnings are used to separate untrusted API data from the agent's logic.
- Capability inventory: The skill uses
submit_tx()inscripts/agenticbets.pyto perform network-based transaction submissions andload_bankr_key()to read local configuration files. - Sanitization: The script performs standard JSON parsing and field extraction, but does not implement cryptographic verification of the API's response data.
Audit Metadata