bankr-airdrop
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill's behavior aligns with its documented purpose of distributing tokens to NFT holders.
- [CREDENTIALS_UNSAFE]: The skill accesses a private key from a local file at
~/.axiom/wallet.env. This is a vendor-standard location for the author '0xaxiom' and the key is used locally for transaction signing without being sent to external servers. - [EXTERNAL_DOWNLOADS]: The skill fetches data from
https://api.bankr.botandhttps://basescan.org. These are necessary data sources for calculating airdrop distributions and are used appropriately. - [COMMAND_EXECUTION]: The skill workflow involves executing local scripts (
airdrop.mjs,snapshot-bankr-holders.py) to manage airdrop logic. These scripts do not contain arbitrary command injection or privilege escalation vectors.
Audit Metadata