aibtc-bitcoin-wallet

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill follows secure key management practices by storing wallet mnemonics in an encrypted format at ~/.aibtc/ and requiring an explicit password-based unlock for signing transactions.
  • [EXTERNAL_DOWNLOADS]: Installation instructions reference the verified vendor package @aibtc/mcp-server on npm, which is a standard procedure for deploying the required MCP server environment.
  • [DATA_EXFILTRATION]: Network communication is limited to vendor-owned domains including aibtc.com, pillarbtc.com, and stx402.com for service-critical tasks such as agent registration and DeFi operations.
  • [COMMAND_EXECUTION]: The skill provides interfaces for performing on-chain transactions and smart contract calls, which are restricted to the context of the user's authenticated wallet.
  • [SAFE]: An indirect data surface exists in the 'Paid Attention' check-in loop (ingestion point: references/genesis-lifecycle.md). Although boundary markers and specific sanitization steps are not mentioned, the skill's capabilities (inventory: btc_sign_message, transfer_btc in SKILL.md) are applied only for protocol-defined identity and reputation updates.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 12:56 PM
Security Audit — agent-trust-hub — aibtc-bitcoin-wallet