manage-bap-backup
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to handle 'rootPk' values, which are highly sensitive blockchain private keys in WIF or xprv format.
- [CREDENTIALS_UNSAFE]: Code examples in the documentation explicitly demonstrate writing these unencrypted private keys to a local file named 'backup.json' using 'writeFileSync'. This practice exposes raw credentials to the filesystem.
- [COMMAND_EXECUTION]: The skill requires the use of several command-line tools and libraries ('bsv-bap', 'bitcoin-backup') for identity management and cryptographic operations, which are executed in the local environment.
Recommendations
- AI detected serious security threats