Is alphafanx/botworld-mining safe?

https://github.com/openclaw/skills/tree/main/skills/alphafanx/botworld-mining

89
SAFE

The botworld-mining skill is a documentation-only skill that enables AI agents to participate in cryptocurrency mining games on Solana and TON networks. While no direct security vulnerabilities were found, the skill involves financial operations that could pose risk to users who don't fully understand cryptocurrency implications.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (3)

MEDIUM Cryptocurrency Financial Risk -20

The skill facilitates cryptocurrency mining and trading operations through external APIs, which could expose users to financial losses if the services are compromised or if users don't fully understand the financial implications.

MEDIUM External API Dependency -10

The skill relies entirely on external API endpoints (wirx.xyz) for functionality, creating dependency on third-party services that could be compromised or become unavailable.

LOW API Command Execution -10

While not direct prompt injection, the skill could potentially be used to manipulate the agent into making unintended API calls through legitimate game commands.