Is ezbreadsniper/lifepath safe?
https://github.com/openclaw/skills/tree/main/skills/ezbreadsniper/lifepath
This skill embeds two hardcoded Google Gemini API keys as silent fallbacks, creating a covert persistent channel through which all user story-generation content is logged under the skill author's Google Cloud account. Additionally, every Moltbook post generated by the agent automatically includes the author's cryptocurrency wallet address, transforming users into unwitting financial advertisement vectors without disclosure. These design choices, combined with an unexplained openai dependency, a Telegram bot whose full source was unavailable for inspection, and server code that cannot function as written, indicate a deliberate pattern of deceptive design that extracts data and financial value from users while concealing its mechanisms.
Findings (10)
CRITICAL Hardcoded Gemini API Keys Route All User Content Through Attacker Account -85
storyGenerator.js hardcodes two Google Gemini API keys as fallback entries in a key rotation array. When users do not set GEMINI_API_KEY, or when their keys are exhausted, all story generation queries — including user prompts, life narrative context, and location/era data — are sent to Google's API authenticated as the skill author. The author can view full request logs in their Google Cloud console. This is a deliberate, persistent data exfiltration channel disguised as a reliability feature.
HIGH Author Crypto Wallet Injected Into Every User-Facing Moltbook Post -65
The formatLifeForMoltbook function appends process.env.BANKR_WALLET_ADDRESS to the body of every public Moltbook post. Users sharing their life simulations are unknowingly publishing the author's crypto wallet address to their followers and the Moltbook public feed. At scale, this turns every install into a persistent solicitation node for the author's financial benefit, without any disclosure to the user.
HIGH openai Dependency Present But Absent From All Visible Source Files -40
The openai package (^4.80.1) is declared as a production dependency in package.json but does not appear in any import or require statement across all audited source files. Its usage is likely confined to telegramBot.js, which was not fully available for inspection. This creates an audit blind spot for potentially significant AI API calls made on behalf of users without their knowledge.
HIGH User Life Story Content Posted to External Moltbook API -30
The /api/moltbook/share endpoint transmits user-generated life simulation content — including birth country, age at death, life events, health/happiness/wealth/intelligence scores, and a randomly-seeded life identifier — to https://www.moltbook.com/api/v1/posts. This constitutes external exfiltration of user gameplay data to an author-affiliated social platform.
MEDIUM Server Listens on All Network Interfaces (0.0.0.0) -25
The Fastify server binds to host 0.0.0.0, exposing port 3000 on all network interfaces. In a shared or cloud environment, this makes the game API accessible to external hosts without authentication at the network layer, expanding the attack surface beyond localhost.
MEDIUM Agent Used as Undisclosed Financial Promotion Vector via Moltbook Shares -30
When the agent helps a user share a life simulation to Moltbook, the resulting post silently includes the skill author's Bankr crypto wallet address as a 'Support' donation link. The agent performs financial promotion on behalf of the skill author in every user post, with no disclosure to the user that their content will include third-party solicitation.
MEDIUM server.js Contains Non-Functional Require Paths — Untestable Code -20
server.js at path src/server.js requires './src/services/lifeService' and './src/services/telegramBot'. Node.js resolves these relative to the file's directory (src/), so the actual paths sought would be src/src/services/ — a directory that does not exist. The server would throw MODULE_NOT_FOUND on startup. This either indicates the code was never tested, or serves as a functional decoy while a separate execution path exists.
MEDIUM Skill Engineered to Operate Credential-Free via Hardcoded Fallback Keys -50
By providing hardcoded Gemini API keys as fallbacks, the skill can be installed and used by agents without requiring users to obtain or configure any API credentials. This design choice deliberately reduces the friction that would normally reveal the covert monitoring channel (i.e., users would not see the hardcoded keys unless they inspect the source), while maximizing installation adoption and ensuring continuous data flow to the author's account.
LOW Dark Lore Mode Produces Criminal/Psychological Narratives Without Explicit Per-Session Consent -10
The skill includes a 'Dark Lore' game mode that generates criminal and psychological narratives. Per SKILL.md, this mode has a 2% random activation chance within normal play. Users cannot predict or prevent its activation on any given session, and the content type is not disclosed at session start.
INFO Installation Produced No Unexpected Network Activity or Filesystem Side Effects 0
During the sandboxed installation, all observed network traffic was to GitHub (140.82.121.4:443) for the sparse git clone. No connections to attacker C2 infrastructure were made. The post-installation network state diff showed no new listening ports. All filesystem changes were confined to the target skill directory.