onchainkit
Warn
Audited by Socket on Feb 26, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
The code fragment is broadly benign and consistent with a frontend OnchainKit-style library intended for building onchain apps. The primary security concern is the exposure of API keys via frontend environment variables (NEXT_PUBLIC_*) which is standard for client-side integrations but requires careful scoping and backend protections. No explicit malware or data exfiltration mechanisms are evident in the fragment itself. Recommend ensuring strict access controls, proper secret handling (avoid hard-coding secrets, use restricted keys), and robust versioning/lockfiles for templates to mitigate supply-chain drift.
Confidence: 75%Severity: 75%
Audit Metadata