botcoin-coretex-miner

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching live runtime instructions from the coordinator at COORDINATOR_URL (e.g. https://coordinator.agentmoney.net) — endpoints such as /coretex/status and /coretex/schema are called during runtime and their responses directly determine/drive patch encoding and miner behavior, so this is a runtime external dependency that controls agent instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes end-to-end instructions and interfaces for on-chain transaction signing and submission: it offers Path A (Bankr) with Bankr's wallet/sign and wallet/submit API calls, and Path B (self-managed EOA) that requires a miner private key plus an RPC and shows exact cast/ethers/viem commands to call submitCoreTexReceipt and claim(uint64[]) on the BotcoinMiningV4 contract. It provides pre-encoded transaction objects, an EIP‑712 CoreTexReceipt tuple, and direct commands to broadcast those transactions. These are specific crypto/blockchain payment-signing and transaction-execution capabilities (wallet signing + contract calls) intended to move value/claim rewards on-chain, not generic tooling. Therefore this skill grants direct financial execution authority.

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 10:26 PM
Issues
2
Security Audit — snyk — botcoin-coretex-miner