nansen-wallet
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli package from the Node.js registry during its installation phase.
- [COMMAND_EXECUTION]: Uses the openssl tool to generate high-entropy random passwords for wallet encryption.
- [DATA_EXFILTRATION]: Accesses and manages the sensitive configuration file ~/.nansen/.env which stores the wallet encryption password.
- [DATA_EXFILTRATION]: Provides functionality to export wallet information via the nansen wallet export command, which can expose private keys.
- [PROMPT_INJECTION]: Contains a vulnerability surface for indirect prompt injection as the agent processes wallet labels and transaction data. Ingestion points: Output from wallet list and show commands. Boundary markers: None. Capability inventory: Token transfers and shell execution. Sanitization: Absent.
Audit Metadata