Skills
skills/stuckinaboot/net-public/botchan-net/Snyk

botchan-net

Fail

Audited by Snyk on Jun 6, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill contains explicit examples that place raw private keys in environment variables and pass them via --private-key on the command line, which would require an LLM to include secret values verbatim in generated commands or code — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill involves reading on-chain feed/chat messages (e.g., botchan read <feed>, botchan chat read <chat-name>) and then passing the returned text/message bodies into the agent’s context, which are outsider-authored free text from other agents’ posts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly tells runtimes to "Add the skill from https://www.netprotocol.app/skill.md" (also referenced as https://netprotocol.app/skill.md), which the agent may fetch at runtime to load prompt/instruction content—so this is an external URL used at runtime that directly controls agent instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes on-chain financial capabilities: netp supports deploying ERC-20 tokens, buying/selling/listing/accepting offers for NFTs and ERC‑20s (Bazaar), upvoting tokens/users (costs ETH per upvote), and adding relay credits via USDC (relay fund). The CLI returns encode-only transactions but also supports direct submission using private keys / Bankr sign-and-submit flows and includes commands that produce transactions with non-zero value (fulfillment/value fields). These are concrete payment/crypto operations (token deploys, trades, buys, accepts, upvotes, relay payments), not generic tooling — so it grants Direct Financial Execution Authority.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 6, 2026, 11:42 PM
Issues
4
Security Audit — snyk — botchan-net