trading-evm
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires the 'EVM_PRIVATE_KEY' environment variable. Handling raw private keys in an AI agent's environment is a high-risk practice as it exposes the wallet to potential theft if any part of the skill's code or dependencies is compromised.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The code imports from 'clodds/evm/uniswap' and 'clodds/evm/oneinch'. This is an unverified library not found in standard public registries like npm or listed under trusted organizations. This introduces a significant supply chain risk.
- [DATA_EXFILTRATION] (MEDIUM): While no explicit exfiltration is present, the capability to read a private key and make network calls (via DEX integrations) provides a functional path for exfiltrating sensitive credentials.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from user chat commands (token symbols and amounts). While it uses structured API calls, it lacks explicit boundary markers or sanitization logic in the documentation to prevent malicious token names from influencing the LLM's logic.
- Ingestion points: '/swap', '/quote', and '/balance' command parameters in SKILL.md.
- Boundary markers: Absent. No delimiters or 'ignore instructions' warnings are present around interpolated inputs.
- Capability inventory: Access to 'EVM_PRIVATE_KEY' and network-based transaction signing via Uniswap/1inch.
- Sanitization: Relies on the 'resolveToken' function which is part of the unverified 'clodds' library.
Recommendations
- AI detected serious security threats
Audit Metadata