alchemy-api
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a secure workflow for obtaining and persisting Alchemy API keys. It instructs the user to use the official Alchemy CLI for authentication and to store keys in environment files like
.env, which are then added to.gitignoreto prevent accidental exposure. - [SAFE]: All network operations described in the documentation and code examples target well-known, official Alchemy domains (e.g.,
g.alchemy.com,dashboard.alchemy.com). - [SAFE]: The skill includes explicit instructions and code examples for verifying webhook signatures using HMAC-SHA256. This is a critical security best practice to ensure that data received via webhooks is authentic and has not been tampered with.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or unauthorized data exfiltration were detected. The use of shell commands like
sedandgrepis limited to standard project configuration tasks.
Audit Metadata