botcoin-miner
Fail
Audited by Snyk on Mar 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill intentionally centralizes control of on-chain actions: it requires a write-enabled Bankr API key and instructs the agent to blindly submit pre-encoded transaction calldata returned by a remote coordinator (coordinator.agentmoney.net). This creates a high-risk supply-chain/backdoor vector: the coordinator (or anyone who controls it) can cause arbitrary transactions from the user's wallet, including draining funds or granting approvals, without any local verification.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md instructs the agent to fetch challenges from the coordinator (GET ${COORDINATOR_URL:-https://coordinator.agentmoney.net}/v1/challenge) which returns an untrusted "doc" and optional "solveInstructions" that the agent must read and act on to create artifacts and submit on-chain transactions, so third-party content can directly influence tool use and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The coordinator endpoint https://coordinator.agentmoney.net is called at runtime to fetch challenge documents and optional "solveInstructions" which are injected verbatim into the LLM prompt and are required for the skill to operate, so this external URL directly controls agent prompts.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial actions. It requires a Bankr API key with write/agent access and instructs the agent to check balances, swap ETH for BOTCOIN, bridge ETH, stake/unstake/withdraw tokens, obtain and sign transaction calldata, and submit raw transactions (POST /agent/submit) to mint/claim rewards. It includes concrete crypto details (EVM wallet resolution, chain ID, BOTCOIN token address, mining contract address, Uniswap swaps, pre-encoded calldata, signing/nonce flows). These are direct crypto/blockchain transaction operations (wallet signing, swaps, staking, submitting market/movement transactions), so the skill grants direct financial execution authority.
Audit Metadata