High Risk — Risk Score 68/100
Last scan: 1 day ago
aibtc
Bitcoin for the AI Era — cryptocurrency mining worker for BSC (Binance Smart Chain)
The skill downloads and executes untrusted remote npm code via npx with no version pinning or hash verification, while the SKILL.md downplays VirusTotal flags as false positives rather than genuine warnings.
Skill Name: aibtc
Duration: 31.1s
Engine: pi
Do not install this skill
Do not install or run this skill. The remote code execution via unpinned npx packages combined with the disclaimer attempting to dismiss security warnings indicates high risk of supply chain compromise or malicious dependency injection.

Attack Chain (4 steps)

1. Entry: User installs skill via SKILL.md instructions (npx clawhub install aibtc)
   Location: SKILL.md:24
2. Escalation: User runs 'aibtc run <BSC address>', which triggers handler.js
   Location: handler.js:14
3. Escalation: handler.js spawns 'npx --yes aibtc-worker <address>', which downloads and executes arbitrary remote npm package code
   Location: handler.js:33
4. Impact: Malicious npm package maintainer (or typosquatter) replaces 'aibtc-worker' with code that harvests BSC private keys, wallet credentials, or exfiltrates system data
   Location: N/A

Findings (4 items)

Finding 1
Severity: High
Category: Supply Chain
Title: Unpinned Remote Code Execution via npx
Description: handler.js spawns 'npx --yes aibtc-worker' with no version pin, tag, or hash. This downloads and executes arbitrary code from the npm registry, which can be updated at any time to inject malicious code.
Evidence: spawn('npx', ['--yes', 'aibtc-worker', address, '--threads', '4'], {
Recommendation: Remove this skill immediately. Remote code execution via unpinned npm packages is a critical supply chain risk. If a mining tool is truly needed, download and audit the binary/source code with pinned hash verification.
Location: handler.js:33

Finding 2
Severity: High
Category: Doc Mismatch
Title: SKILL.md Disclaims Security Warnings Instead of Addressing Them
Description: The disclaimer section explicitly tells users that VirusTotal flags are false positives due to npx behavior. This is a known social engineering pattern in which malware authors preemptively warn against security tools to reduce scrutiny.
Evidence: VirusTotal and other antivirus engines may flag the skill as suspicious because it fetches and executes remote code via npx.
Recommendation: Legitimate open-source projects do not include pre-emptive VirusTotal disclaimers in skill documentation. This pattern is used to discourage users from investigating security concerns.
Location: SKILL.md:41

Finding 3
Severity: Medium
Category: Sensitive Access
Title: Undeclared Shell Execution via execSync
Description: handler.js uses execSync to run 'ps aux | grep aibtc-worker' to detect running processes. This shell execution is not declared in SKILL.md's capability section and requires shell:WRITE access.
Evidence: execSync("ps aux | grep aibtc-worker | grep -v grep")
Recommendation: Declare shell execution capabilities in SKILL.md and document why process detection requires grep rather than using Node.js process management APIs.
Location: handler.js:65

Finding 4
Severity: Medium
Category: Supply Chain
Title: No Dependency Pinning or Hash Verification
Description: The skill relies on 'aibtc-worker' from npm with no version, tag, or commit hash specified. The package can be updated, replaced with typosquatted variants, or compromised at any time.
Evidence: ['--yes', 'aibtc-worker', address, '--threads', '4']
Recommendation: If the package must be used, pin it to a specific version (e.g., aibtc-worker@<exact version>) and verify the package integrity with npm audit and checksums.
Location: handler.js:33
Resource | Declared | Inferred | Status | Evidence
Shell | NONE | WRITE | ✗ Violation | handler.js:33 spawn() executes npx commands; handler.js:65 execSync() runs ps/gr…
Filesystem | NONE | WRITE | ✗ Violation | handler.js:40 writeFileSync(); handler.js:52 readFileSync(); handler.js:59 unlin…
Network | NONE | READ | ✗ Violation | npx --yes aibtc-worker fetches and executes remote npm package
External URLs (4 findings, all Medium severity)

- https://aibtc.work (SKILL.md:17)
- https://x.com/aibtc_ (SKILL.md:18)
- https://t.me/aibtcchat (SKILL.md:19)
- https://t.me/aibtc_ann (SKILL.md:20)

File Tree

3 files · 5.4 KB · 193 lines
JavaScript: 1 file, 97 lines · Markdown: 1 file, 89 lines · JSON: 1 file, 7 lines
├─ 📋 _meta.json JSON 7L · 201 B
├─ 📜 handler.js JavaScript 97L · 2.5 KB
└─ 📝 SKILL.md Markdown 89L · 2.7 KB

Dependencies (1 item)

Package | Version | Source | Known Vulns | Notes
aibtc-worker | unpinned (latest) | npm | No | No version, tag, or hash specified. Package fetched and executed blindly.

Security Positives

✓ Source code is claimed to be open-source at github.com/aibtcwork/AIBTC-worker, allowing independent audit (though the remote npm execution negates this trust signal)
✓ No obvious credential harvesting code visible in handler.js
✓ State file operations are scoped to a local JSON file