arkade
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A thorough security audit was performed across all 18 files. No signs of malicious patterns, prompt injections, or unauthorized data access were found.
- [EXTERNAL_DOWNLOADS]: The skill depends on vendor-owned packages (@arkade-os/sdk, @arkade-os/boltz-swap, and @lendasat/lendaswap-sdk-pure). Network requests are restricted to official service endpoints (arkade.computer, boltz.exchange, and lendasat.com) which are necessary for the skill's primary financial functions.
- [CREDENTIALS_UNSAFE]: The skill instructions correctly use placeholders for private keys and include explicit warnings for developers to use secure key management solutions in production environments.
- [REMOTE_CODE_EXECUTION]: No dynamic code execution or untrusted remote script loading was identified. The included pnpm patch is a transparent fix for module resolution in a dependency and does not introduce security risks.
Audit Metadata