wallet-send-bsv
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly implements its described functionality for managing BSV payments using the official
@bsv/sdklibrary. Logic for address validation, UTXO fetching, and transaction signing follows standard cryptographic practices. - [EXTERNAL_DOWNLOADS]: The script fetches unspent transaction outputs (UTXOs) from the WhatsOnChain API (api.whatsonchain.com) and broadcasts signed transactions via GorillaPool's ARC service (arc.gorillapool.io). Both are recognized and well-known services within the BSV ecosystem.
- [CREDENTIALS_UNSAFE]: A functional private key is present in the test file and documentation examples. This key is explicitly used for unit testing and as a placeholder for CLI usage instructions; it does not represent a vulnerability or an exposure of user-sensitive data.
- [COMMAND_EXECUTION]: The skill is designed as a CLI tool that accepts a private key as a command-line argument. While this is standard for the tool's intended use case, it is a known practice that CLI arguments may be visible in process monitoring tools or shell history.
Audit Metadata