moltycash
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
bankrCLI to execute payment commands (bankr x402 call). This is the intended mechanism for performing on-chain transactions. - [EXTERNAL_DOWNLOADS]: Requires the installation of the
bankrbinary. As this is a tool provided by the vendor (BankrBot), it is considered a legitimate dependency for the skill's functionality. - [DATA_EXFILTRATION]: Transmits payment details and a user-provided
MOLTY_IDENTITY_TOKENtoapi.molty.cash. This is the official endpoint for the service and is necessary for authenticating and processing the requested payments. - [SAFE]: The skill follows standard security practices for secret management by instructing users to provide sensitive tokens via environment variables rather than hardcoding them.
Audit Metadata