bitflow

Fail

Audited by Snyk on May 20, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt explicitly allows and documents passing a wallet password inline via --wallet-password (a direct CLI secret argument) and does not prohibit embedding user-supplied wallet secrets verbatim, so the agent could be required to include sensitive values in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill calls public Bitflow endpoints (the Bitflow BFF/public API via bitflowService.getTicker, getSwapQuote, getHodlmmPools/getHodlmmPoolBins, etc., as implemented in bitflow.ts and described in SKILL.md/AGENT.md) and directly consumes those responses to rank routes, compute price impact, and decide/execute swaps and keeper actions, so untrusted third‑party API content can materially influence agent decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a decentralized-exchange (DEX) client with on-chain write operations: it can execute token swaps, add/withdraw liquidity, create/cancel Keeper automated swap orders, and returns transaction IDs and explorer URLs. Write operations require an unlocked wallet or wallet password, indicating signing/sending transactions on mainnet. This is a specific crypto/blockchain execution capability (sending transactions, managing funds, scheduling orders), not a generic tool.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
May 20, 2026, 06:32 PM
Issues
3
Security Audit — snyk — bitflow