BlueAgent skill v2 — 70 tools, Builder OS for Base#484
saltoriousSIG
left a comment
There are a few security issues that need to be addressed before merging. Let me know if you have any questions!
High: avoid showing @blueagent/sdk initialized with process.env.WALLET_KEY; this normalizes handing a hot private key to a third-party SDK, so this should use Bankr-managed signing, WalletConnect, KMS/WaaS, or clearly mark raw keys as dev-only.
High: add guardrails around claude mcp add blueagent https://blueagent.dev/api/mcp; remote MCPs can inject tools/instructions or exfiltrate context, so the skill should say to only install trusted MCPs, review permissions, keep secrets/workspace data out, and require confirmation for paid or wallet actions.
High: add x402 spend controls to the paid-call examples; agents can be prompt-injected into repeated paid calls, so the skill should recommend verifying host/recipient/price and setting per-session/day caps plus confirmation above a small threshold.
High: treat blue-deploy and blue-compose outputs as untrusted; remotely generated scripts/workflows can include malicious calldata, approvals, or shell commands, so the skill should require inspection, sandbox/testnet runs, address verification, and human approval before mainnet execution.
Medium: clarify that token signals, whale-copy signals, DeFi opportunities, and risk-gate are advisory only; they should not be treated as approval to trade or interact with contracts without simulation, slippage/allowance limits, address checks, and user confirmation.
Medium: add basic safety language to the $BLUEAGENT credits section; users/agents should verify the token contract independently, avoid unlimited approvals, use a limited wallet, and not buy/approve tokens automatically from the skill text alone.
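A spend-control check of the kind the third review item asks for (host, recipient and price verification, per-session and per-day caps, human confirmation above a small threshold), as an added JavaScript example that is not part of the PR or the BlueAgent skill; the host, recipient address and limits are constructed placeholders, and amounts are integers in micro-USDC.

```javascript
// Added example (not from the PR or the BlueAgent skill): a spend guard that an
// agent runtime consults before settling an x402 payment requirement. All hosts,
// recipients and limits below are constructed placeholders, not the skill's values.
// Amounts are integers in micro-USDC (6 decimals) to avoid float drift.

const POLICY = {
  allowedHosts: new Set(["api.example-x402.test"]),                            // constructed
  allowedRecipients: new Set(["0x00000000000000000000000000000000000000a1"]), // constructed
  maxPricePerCall: 50_000,   // 0.05 USDC ceiling per call (assumed)
  sessionCap: 500_000,       // 0.50 USDC per agent session (assumed)
  dailyCap: 2_000_000,       // 2.00 USDC per calendar day (assumed)
  confirmAbove: 10_000,      // human confirmation required above 0.01 USDC (assumed)
};

class SpendGuard {
  // `now` is injectable so the daily window can be tested deterministically.
  constructor(policy = POLICY, now = () => Date.now()) {
    this.policy = policy;
    this.now = now;
    this.sessionSpent = 0;
    this.daySpent = 0;
    this.dayKey = this.dayKeyFor(now());
  }
  dayKeyFor(ms) { return new Date(ms).toISOString().slice(0, 10); }
  rollDay() {
    const key = this.dayKeyFor(this.now());
    if (key !== this.dayKey) { this.dayKey = key; this.daySpent = 0; }
  }
  // Evaluate one payment requirement (as parsed from the 402 response) before
  // signing anything. `confirmed` is the result of an out-of-band human prompt.
  check({ url, recipient, price, confirmed = false }) {
    this.rollDay();
    const p = this.policy;
    let host;
    try { host = new URL(url).host; } catch { return { ok: false, reason: "bad-url" }; }
    if (!p.allowedHosts.has(host)) return { ok: false, reason: "host-not-allowed" };
    if (!p.allowedRecipients.has(String(recipient).toLowerCase())) return { ok: false, reason: "recipient-not-allowed" };
    if (!Number.isInteger(price) || price <= 0) return { ok: false, reason: "bad-price" };
    if (price > p.maxPricePerCall) return { ok: false, reason: "price-over-ceiling" };
    if (this.sessionSpent + price > p.sessionCap) return { ok: false, reason: "session-cap" };
    if (this.daySpent + price > p.dailyCap) return { ok: false, reason: "daily-cap" };
    if (price > p.confirmAbove && !confirmed) return { ok: false, reason: "needs-confirmation" };
    return { ok: true, reason: "allowed" };
  }
  // Call only after check() passed and the payment actually settled.
  record(price) { this.rollDay(); this.sessionSpent += price; this.daySpent += price; }
}
```

The guard is deliberately ordered so that host and recipient allowlists reject before any price logic runs; a prompt-injected request to an unlisted endpoint never reaches the cap or confirmation step.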
Address 6 review items in blueagent/SKILL.md:
- SDK: flag raw private keys as DEV ONLY + production signing note (HIGH)
- MCP: trusted-source install warning before the add command (HIGH)
- Quick Start: add Spend Controls (host/recipient/price/cap/confirm) (HIGH)
- blue-deploy + blue-compose: treat generated outputs as untrusted (HIGH)
- Intelligence/signals: advisory-only disclaimer, not financial advice (MED)
- $BLUEAGENT credits: token-safety (verify contract, no unlimited approvals) (MED)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
thanks for the detailed review, addressed all 6 issues in the latest commit (e8a52d1):
HIGH
MEDIUM
let me know if anything else needs adjusting!
Updates BlueAgent skill from 31 tools (quantum series, outdated) to 70 live x402 tools on Bankr. New positioning: The Builder OS for Base. Corrects Base URL and pricing.