aibtc-bitcoin-wallet
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows secure key management practices by storing wallet mnemonics in an encrypted format at
~/.aibtc/and requiring an explicit password-based unlock for signing transactions. - [EXTERNAL_DOWNLOADS]: Installation instructions reference the verified vendor package
@aibtc/mcp-serveron npm, which is a standard procedure for deploying the required MCP server environment. - [DATA_EXFILTRATION]: Network communication is limited to vendor-owned domains including aibtc.com, pillarbtc.com, and stx402.com for service-critical tasks such as agent registration and DeFi operations.
- [COMMAND_EXECUTION]: The skill provides interfaces for performing on-chain transactions and smart contract calls, which are restricted to the context of the user's authenticated wallet.
- [SAFE]: An indirect data surface exists in the 'Paid Attention' check-in loop (ingestion point:
references/genesis-lifecycle.md). Although boundary markers and specific sanitization steps are not mentioned, the skill's capabilities (inventory:btc_sign_message,transfer_btcinSKILL.md) are applied only for protocol-defined identity and reputation updates.
Audit Metadata