skills/bankrbot/skills/onchainkit/Gen Agent Trust Hub

onchainkit

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python-based automation to run system commands for project scaffolding and builds.
      • Evidence: The scripts/create-onchain-app.py script utilizes subprocess.run with shell=True to execute the npm create onchain command.
      • Mitigation: Input validation is applied to the project name to ensure it only contains alphanumeric characters, hyphens, and underscores, which effectively prevents shell injection attacks.
  • [EXTERNAL_DOWNLOADS]: The skill automates the retrieval of development packages from public registries.
      • Evidence: scripts/setup-environment.py executes npm install @coinbase/onchainkit to manage project dependencies.
      • Evidence: scripts/create-onchain-app.py invokes npm create onchain@latest to bootstrap projects.
      • Context: These downloads target official and well-known packages from Coinbase, representing standard development workflows without suspicious remote sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 03:11 AM