The bot know where the money come from and where to go which no longer a confidential transfer.
You're right. Even if the bot or its owner (me) is honest and doesn't store anything server-side, there's a risk of being hacked. After getting access to the bot's private keys, it'll be possible to extract all the transfers with the sender/receiver info from the blockchain decrypting the MEMO field.
Another thing that concerns me a lot is 100% uptime. The
cli-wallet i use as an RPC interface could crash or lost connection. Its function
get_account_history that returns latest transactions has a limit of 100 elements. It means that if during downtime there'll be ≥101 transfers, some of them will be lost. DDOS-ing the bot account with lots of small transfers could have the same effect even with working cli-wallet. Probably a more sophisticated algorithm needed.
Why not deposit to an exchange then withdraw to another account
Great idea! Still risky and probably not 100% confidential, but it's the easiest way at the moment.
Thanks!