helixa

Fail

Audited by Socket on Mar 21, 2026

2 alerts found:

Anomaly, Obfuscated File

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is purpose-aligned and mostly uses expected endpoints/tools for an onchain identity service, so it does not look fundamentally deceptive. However, it enables wallet-based auth, contract transactions, and micropayments with real financial consequences, and it processes untrusted user-generated API content that could carry prompt injection. Overall this is a coherent but medium-high risk skill for AI agents, driven more by autonomy and credential handling than by overt malware signals.

Confidence: 85%
Severity: 68%

Obfuscated File (HIGH)
scripts/mint-agent.js

This file is a small, explicit CLI that signs a message with a local Ethereum private key and sends a bearer-style token and metadata to api.helixa.xyz to mint an agent. There are no signs of obfuscation, hidden backdoors, or exfiltration of arbitrary system data. The primary security concern is the operational choice to store a private key in an environment variable and send a signature-based bearer token to a third-party API: if the service is untrusted or if tokens can be replayed, that decision can lead to account compromise or misuse. Use dedicated/ephemeral signing keys, hardware signers, and verify server-side anti-replay protections before using a valuable key.

Confidence: 98%
Audit Metadata

Analyzed At: Mar 21, 2026, 02:55 PM
Package URL: pkg:socket/skills-sh/bankrbot%2Fopenclaw-skills%2Fhelixa%2F@66105048fd1d0c9a55c6637610336bdb98d6acd8