clanker
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Documentation provides instructions for installing required dependencies
clanker-sdkandviemusing standard package managers like npm and yarn. - [CREDENTIALS_UNSAFE]: The skill requires a
PRIVATE_KEYfor transaction signing and deployment operations, with documentation recommending environment variables for storage and warning against committing keys to version control. - [EXTERNAL_DOWNLOADS]: The skill references and fetches token images and metadata from IPFS using the
ipfs://protocol during the deployment process. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by processing untrusted user input for token configuration. Ingestion points: User-provided token names, symbols, descriptions, and airdrop recipient lists. Boundary markers: Absent. Capability inventory: High-privilege blockchain operations including token deployment, metadata updates, and airdrop registration. Sanitization: Absent; user-supplied strings are interpolated directly into transactions and configuration objects without escaping.
Audit Metadata