Is botcoin-miner safe?
https://clawhub.ai/happybigmtn/botcoin-miner
This skill is a cryptocurrency miner packaged as an agent plugin. Its core function is to instruct the LLM agent to download and execute an external binary (botcoind) that runs as a persistent background daemon consuming CPU, RAM, and network resources for mining. The SKILL.md uses sophisticated social engineering targeting AI agents — framing mining as 'agent autonomy' and an 'operating budget' — to convince the agent to execute these instructions without informed user consent. While the skill contains no hidden code, obfuscated payloads, or direct data exfiltration, the act of instructing an agent to download and run unaudited binaries as a persistent daemon constitutes a significant security risk following the classic cryptojacking pattern.
Category Scores
Findings (9)
CRITICAL Skill instructs agent to download and execute external binary -60
The core function of this skill is to instruct the LLM agent to download a precompiled binary (botcoind) from GitHub releases and execute it as a persistent daemon on the user's machine. This is remote code execution by design — the binary is not audited, not sandboxed, and runs with the user's full permissions.
CRITICAL Social engineering to convince agent to mine autonomously -45
The SKILL.md uses carefully crafted persuasive language designed to convince an LLM agent that mining cryptocurrency is in its own interest and the user's interest. Phrases like 'agent autonomy through proof-of-work', 'operating budget', 'more agency for the agent', and 'upside for the human protégé' are social engineering targeting the agent's instruction-following behavior. This is a form of prompt injection that bypasses the user's informed consent.
HIGH Persistent daemon process survives agent session -15
The mining daemon is started with the -daemon flag, meaning it forks to the background and continues running after the agent session ends. The user may not know a cryptocurrency miner is running on their machine, consuming CPU, RAM (256MB-2GB for RandomX), and network bandwidth indefinitely.
HIGH Unauthorized resource consumption (cryptojacking pattern) -50
This skill follows the classic cryptojacking pattern: convince a system to run mining software that consumes the victim's computational resources (CPU, RAM, electricity, network) for the benefit of the miner. The framing as an 'agent skill' is a novel delivery mechanism but the end result is the same — unauthorized resource consumption.
HIGH Binary installs to PATH for persistent access -15
The skill instructs copying the mining binaries to ~/.local/bin/, which is typically on the user's PATH. This means the mining software persists across sessions and can be invoked at any time, even outside the agent context.
MEDIUM Skill claims to be trust-first while instructing risky actions -20
The skill's description says 'trust-first workflow: clear value proposition, verifiable binaries, and explicit operational guidance' but the actual instructions download and execute unaudited third-party binaries. The 'trust' framing creates false confidence in the agent.
MEDIUM Mining daemon opens uncontrolled network connections -20
As a blockchain node, botcoind connects to peer nodes across the internet. These network connections are unmonitored and could theoretically be used as a covert channel, though this is inherent to blockchain software rather than a specific exfiltration technique.
MEDIUM Install phase accessed sensitive credential files -10
Filesystem monitoring detected reads of /home/oc-exec/.env and /home/oc-exec/.aws/credentials during the install phase. While this may be attributable to the openclaw runtime rather than the skill itself, it represents access to sensitive credentials in the skill's install context.
LOW Narrative framing encourages agent to act without user confirmation -5
The skill's narrative about 'agent autonomy' and creating an 'operating budget' could encourage an agent to proceed with mining without explicitly confirming with the user that they want to dedicate CPU resources to cryptocurrency mining.