AGENT LAB: SKILLS

neynar

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill connects to api.neynar.com to interact with the Farcaster protocol. While a scanner flagged docs.farcaster.xyz, this is a well-known documentation site for a major social protocol and is likely a false positive in the scanner's blacklist.
  • [COMMAND_EXECUTION] (SAFE): The skill uses curl and jq as binaries to perform API requests and process JSON responses. This is standard behavior for a CLI-based skill and does not involve arbitrary command execution or privilege escalation.
  • [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly instructs users to provide their own NEYNAR_API_KEY and signerUuid in a local config file. No hardcoded credentials were found in the skill content.
  • [DATA_EXFILTRATION] (SAFE): Data transmission is limited to the official Neynar API endpoints for the purpose of social media interaction (reading/posting casts). No sensitive system files or local data are accessed or sent externally.
Recommendations
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 05:10 PM