signing
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate cryptographic functions required for blockchain interactions and identity management on the AIBTC platform.
- [CREDENTIALS_UNSAFE]: The skill manages private keys but does so via an internal wallet-manager service rather than using hardcoded secrets. No sensitive credentials were found in the source code.
- [DATA_EXFILTRATION]: All signing operations are performed locally. No network requests to external or untrusted domains were identified.
- [REMOTE_CODE_EXECUTION]: The implementation uses standard cryptographic libraries and does not perform dynamic code evaluation or remote script execution.
- [COMMAND_EXECUTION]: Implements a command-line interface using the 'commander' library for secure and structured user interaction.
- [SAFE]: A 'blind-signing safety gate' is implemented for raw digest signing in 'schnorr-sign-digest', requiring an explicit confirmation flag to mitigate risks.
Audit Metadata