onchainkit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Python utility scripts (
create-onchain-app.py,setup-environment.py,validate-setup.py) that execute shell commands to manage Node.js projects. - These scripts run commands like
npm install,npm create, andnpm run buildto facilitate the development workflow. - User-supplied inputs, such as project names, are validated using alphanumeric checks (
isalnum()) to prevent command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill automates the installation of dependencies from the official npm registry, specifically focusing on the
@coinbase/onchainkitpackage. These downloads originate from a well-known service and trusted organization. - [REMOTE_CODE_EXECUTION]: The initialization script uses the
npm create onchain@latestpattern, which is the standard and official method for bootstrapping applications within the OnchainKit ecosystem. This execution is confined to the project initialization phase and targets official vendor tools.
Audit Metadata