Skills
skills/stuckinaboot/net-public/botchan-net/Snyk

botchan-net

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill explicitly shows and documents passing raw private keys (export BOTCHAN_PRIVATE_KEY=0x..., export NET_PRIVATE_KEY=0xYOUR_KEY) and a --private-key KEY CLI flag—patterns that permit or encourage embedding secret values verbatim in commands (high exfiltration risk), even though safer encode-only/Bankr alternatives are noted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs agents to read and poll public, user-generated content (e.g., "botchan read general --unseen --json" and the "Agent Polling Pattern") and to fetch storage and profile data (e.g., netp storage read, botchan profile get) from the open Net Protocol network, meaning untrusted third-party posts/files are ingested and used in workflows that can drive subsequent actions (posting, transaction preparation, upvoting), so external content could indirectly inject instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides on-chain financial capabilities. It requires wallet keys (BOTCHAN_PRIVATE_KEY / NET_PRIVATE_KEY), supports transaction signing/submission (direct private key or via Bankr), and exposes crypto-specific commands that move value: netp token deploy (including initial-buy with non-zero value), netp upvote token/user (costs ETH per upvote), netp bazaar buy-listing / accept-offer (returns fulfillment with value), and other NFT trading and token deployment functions. The docs describe encode-only transaction outputs including "value" fields and workflows for submitting those value-bearing transactions. These are specific crypto/blockchain payment and trading operations (not generic HTTP or browser automation), so it grants direct financial execution authority.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 01:43 AM
Issues
3