skills/aibtcdev/skills/pillar/Gen Agent Trust Hub

pillar

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the host operating system to open a browser.
      • Evidence: In pillar/pillar.ts, the openBrowser function uses child_process.exec to run platform-specific commands (open, start, xdg-open) with a URL constructed from dynamic data.
      • The URL includes an opId parameter fetched from the Pillar backend API. If the API returns a malicious payload containing shell metacharacters, it could lead to command injection, as the input is interpolated into a shell command string.
  • [CREDENTIALS_UNSAFE]: The skill implements a key management system that relies on environment variables for security.
      • Evidence: In pillar/pillar-direct.ts, the getDerivedPassword function generates a hash based on the PILLAR_API_KEY environment variable.
      • This derived hash is used as a password to unlock local secp256k1 signing keys stored in ~/.aibtc/signing-keys/. This design means that any entity with access to the environment variables can gain full access to the wallet's signing capabilities.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 13, 2026, 07:30 PM