bracketsbot-skill

This module is functionally benign but presents a clear supply-chain / RCE risk due to dynamic import and execution of a user-specified POLICY_MODULE with no sandboxing, provenance checks, or capability restrictions. The code enforces only a small runtime correctness check on policy return values (integer 1-64), which limits malformed responses but does not mitigate malicious side effects performed by the module (file access, network calls, environment reading). Recommend: run only trusted policy modules, add provenance checks (signatures or checksums), run the policy in a restricted context (separate process with reduced privileges or a sandbox/VM), or use a safer plugin interface (e.g., a constrained VM that only allows pure computation and returns a seed).

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and it avoids direct private-key custody by preferring browser-wallet or external signer flows. However, the central executable `bracketsbot` is an unverifiable local binary with no documented install source, release trail, or public publisher relationship in the provided evidence. Because the skill’s main function depends on executing that unknown CLI and preparing blockchain submission payloads, the trust model is weaker than the documentation suggests. Risk is driven by unverifiable dependency trust, not confirmed malicious behavior.