Trust Assessment
bonero-miner received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 5 critical, 1 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary command execution, Remote code execution: curl/wget pipe to shell.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/happybigmtn/bonero-miner/SKILL.md:68 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/happybigmtn/bonero-miner/SKILL.md:146 | |
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/happybigmtn/bonero-miner/SKILL.md:27 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/happybigmtn/bonero-miner/SKILL.md:27 | |
| CRITICAL | Direct execution of untrusted remote script (`curl | bash`) The skill instructs the user to execute a remote shell script directly via `curl | bash`. This pattern allows arbitrary code execution on the user's system with the permissions of the executing user. If the remote script (`install.sh`) is compromised or malicious, it can lead to full system compromise. This is a significant command injection and supply chain risk. Avoid direct execution of remote scripts. Instead, recommend downloading the script, reviewing its contents, and then executing it in a controlled environment. For automated agents, consider sandboxing or using containerized environments. | LLM | SKILL.md:25 | |
| HIGH | Use of `sudo` for installation and dependencies The skill's installation instructions, both via the `install.sh` script (implied by `curl | bash`) and the manual build steps, explicitly require `sudo` for installing system dependencies. This grants root privileges to potentially untrusted code, significantly increasing the attack surface if the script or source code is malicious. An attacker could leverage this to gain full control over the system. Minimize the use of `sudo`. If root privileges are necessary, ensure the script is thoroughly vetted and executed in a highly controlled and isolated environment. Explore alternative installation methods that do not require elevated privileges, such as user-space installations or containerization. | LLM | SKILL.md:65 | |
| MEDIUM | Unpinned Git repository clone The skill instructs to clone a Git repository (`https://github.com/happybigmtn/bonero.git`) without specifying a particular commit hash or tag. This means that future changes to the `master` branch of the repository could introduce malicious code or vulnerabilities without the user's explicit knowledge or review, leading to a supply chain attack. The `--recursive` flag further extends this risk to submodules. Recommend pinning to a specific commit hash or a signed tag when cloning repositories to ensure reproducibility and prevent unexpected changes from upstream. Regularly audit the pinned version for security updates. | LLM | SKILL.md:70 | |
| LOW | Outbound connections to hardcoded external IP addresses The `bonerod` daemon is configured to connect to several hardcoded external IP addresses as peers. While this is standard for a cryptocurrency node to participate in the network, it involves making outbound connections to potentially untrusted third-party servers. This could expose the agent's network presence and potentially facilitate traffic analysis, although it's not direct malicious data exfiltration. Inform the user about all external network connections made by the skill. Implement network egress filtering to control and monitor outbound traffic from the agent's environment. | LLM | SKILL.md:45 |
Scan History
Embed Code
[](https://skillshield.io/report/eb1bed6c23c6572d)
Powered by SkillShield