High risk: risk score 68/100
Last scan: 1 day ago
aibtc
Bitcoin for the AI Era — cryptocurrency mining worker for BSC (Binance Smart Chain)
The skill downloads and executes untrusted remote npm code via npx with no version pinning or hash verification, while the SKILL.md downplays VirusTotal flags as false positives rather than genuine warnings.
Skill name: aibtc
Analysis time: 31.1s
Engine: pi
Do not install this skill
Do not install or run this skill. The remote code execution via unpinned npx packages combined with the disclaimer attempting to dismiss security warnings indicates high risk of supply chain compromise or malicious dependency injection.

Attack chain (4 steps)

1. Entry: User installs skill via SKILL.md instructions (npx clawhub install aibtc) (SKILL.md:24)
2. Privilege escalation: User runs 'aibtc run <BSC address>' which triggers handler.js (handler.js:14)
3. Privilege escalation: handler.js spawns 'npx --yes aibtc-worker <address>' which downloads and executes arbitrary remote npm package code (handler.js:33)
4. Impact: Malicious npm package maintainer (or typosquatter) replaces 'aibtc-worker' with code that harvests BSC private keys, wallet credentials, or exfiltrates system data (location: N/A)

Security findings (4)

Severity | Finding | Location

Severity: High
Finding: Unpinned Remote Code Execution via npx (Supply chain)
handler.js spawns 'npx --yes aibtc-worker' with no version pin, tag, or hash. This downloads and executes arbitrary code from the npm registry, which can be updated at any time to inject malicious code.
Evidence: spawn('npx', ['--yes', 'aibtc-worker', address, '--threads', '4'], {
→ Remove this skill immediately. Remote code execution via unpinned npm packages is a critical supply chain risk. If a mining tool is truly needed, download and audit the binary/source code with pinned hash verification.
Location: handler.js:33

Severity: High
Finding: SKILL.md Disclaims Security Warnings Instead of Addressing Them (Documentation deception)
The disclaimer section explicitly tells users that VirusTotal flags are false positives due to npx behavior. This is a known social engineering pattern where malware authors preemptively warn against security tools to reduce scrutiny.
Evidence: VirusTotal and other antivirus engines may flag the skill as suspicious because it fetches and executes remote code via npx.
→ Legitimate open-source projects do not include pre-emptive VirusTotal disclaimers in skill documentation. This pattern is used to discourage users from investigating security concerns.
Location: SKILL.md:41

Severity: Medium
Finding: Undeclared Shell Execution via execSync (Sensitive access)
handler.js uses execSync to run 'ps aux | grep aibtc-worker' to detect running processes. This shell execution is not declared in SKILL.md's capability section and requires shell:WRITE access.
Evidence: execSync("ps aux | grep aibtc-worker | grep -v grep")
→ Declare shell execution capabilities in SKILL.md and document why process detection requires grep rather than using Node.js process management APIs.
Location: handler.js:65

Severity: Medium
Finding: No Dependency Pinning or Hash Verification (Supply chain)
The skill relies on 'aibtc-worker' from npm with no version, tag, or commit hash specified. The package can be updated, replaced with typosquatted variants, or compromised at any time.
Evidence: ['--yes', 'aibtc-worker', address, '--threads', '4']
→ If the package must be used, pin to a specific version (e.g., [email protected]) and verify the package integrity with npm audit and checksums.
Location: handler.js:33
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | NONE | WRITE | ✗ exceeds declared | handler.js:33 spawn() executes npx commands; handler.js:65 execSync() runs ps/gr…
File system | NONE | WRITE | ✗ exceeds declared | handler.js:40 writeFileSync(); handler.js:52 readFileSync(); handler.js:59 unlin…
Network access | NONE | READ | ✗ exceeds declared | npx --yes aibtc-worker fetches and executes remote npm package
External URLs (4 findings)
Medium | External URL | https://aibtc.work | SKILL.md:17
Medium | External URL | https://x.com/aibtc_ | SKILL.md:18
Medium | External URL | https://t.me/aibtcchat | SKILL.md:19
Medium | External URL | https://t.me/aibtc_ann | SKILL.md:20

Directory structure

3 files · 5.4 KB · 193 lines
JavaScript: 1 file, 97 lines · Markdown: 1 file, 89 lines · JSON: 1 file, 7 lines
├─ _meta.json (JSON, 7 lines, 201 B)
├─ handler.js (JavaScript, 97 lines, 2.5 KB)
└─ SKILL.md (Markdown, 89 lines, 2.7 KB)

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
aibtc-worker | unpinned (latest) | npm | none listed | No version, tag, or hash specified. Package fetched and executed blindly.

Security highlights

✓ Source code is claimed to be open-source at github.com/aibtcwork/AIBTC-worker, allowing independent audit (though the remote npm execution negates this trust signal)
✓ No obvious credential harvesting code visible in handler.js
✓ State file operations are scoped to a local JSON file