arkade
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate development kit for the Arkade programmable Bitcoin layer and its associated ecosystem. Behavior is consistent with the stated purpose of a cryptocurrency wallet and swap utility.
- [EXTERNAL_DOWNLOADS]: The skill interacts with official vendor-specific and well-known service APIs, including
arkade.computerfor Bitcoin offchain operations,boltz.exchangefor Lightning swaps, andlendasat.comfor stablecoin swaps. These are required for the skill's primary financial functions. - [COMMAND_EXECUTION]: Documentation provides standard installation instructions using
npmandpnpm. No unauthorized or privileged command execution was identified. - [REMOTE_CODE_EXECUTION]: The project includes a local patch file for the
@lendasat/lendaswap-sdk-puredependency. Analysis of the patch confirms it only modifies ESM import extensions to ensure compatibility with Node.js and does not introduce malicious logic. - [DATA_EXFILTRATION]: Cryptographic material such as private keys and mnemonics are managed by the skill for the purpose of local transaction signing. No patterns of unauthorized exfiltration or credential hardcoding were found.
Audit Metadata