veil
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of an external dependency
@veil-cash/sdkfrom npm. This package and its maintainer are not in the trusted sources list. Since the SDK is responsible for sensitive ZK-proof generation and transaction logic, it represents an unverifiable dependency risk. - CREDENTIALS_UNSAFE (MEDIUM): The skill documentation instructs users to manage and export sensitive private keys (
VEIL_KEYandPRIVATE_KEY). While these are necessary for the skill's primary function (shielded transactions), they are high-value targets for data exfiltration by other malicious skills or compromised dependencies. - COMMAND_EXECUTION (LOW): The skill triggers blockchain operations based on user input. While this is the intended functionality, it grants the agent authority over financial assets.
Audit Metadata