bitget-wallet
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture with multiple layered protections for user assets and credentials.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill emphasizes local key management where mnemonics are stored securely and private keys are derived on-the-fly and discarded. A dedicated utility script (key_utils.py) ensures that temporary files containing private keys are immediately deleted after being read.
- [COMMAND_EXECUTION]: The Python scripts are designed for legitimate API interaction and transaction construction. There is no evidence of arbitrary or malicious shell command execution.
- [EXTERNAL_DOWNLOADS]: Network operations are restricted to the author's official domains (copenapi.bgwapi.io) and user-specified resource servers for the x402 payment protocol. The skill does not perform unauthorized external downloads or telemetry.
- [DYNAMIC_EXECUTION]: Several scripts use importlib.import_module to load internal helper scripts (e.g., bitget-wallet-agent-api). These imports use hardcoded strings and do not ingest untrusted or user-controlled input, posing no dynamic execution risk.
- [PROMPT_INJECTION]: The skill instructions do not contain patterns aimed at overriding agent behavior or bypassing safety filters. Instead, they include protective instructions for the agent to avoid revealing sensitive configuration files or credentials to the user.
Audit Metadata