Skills
skills/bluepagesdoteth/agent-plugins/bluepages/Gen Agent Trust Hub

bluepages

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructions specify running npx -y github:bluepagesdoteth/bluepages-mcp. This pattern downloads and executes code from an untrusted GitHub repository at runtime.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly asks for an Ethereum PRIVATE_KEY as an environment variable. Providing raw private keys to agent skills is a critical security risk that can result in the total theft of funds associated with that key.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on external code hosted on GitHub by an unknown author (bluepagesdoteth), which has not been vetted or included in the trusted organization list.
  • [DATA_EXFILTRATION] (LOW): While the skill uses curl to send data to bluepages.fyi, this is the declared purpose of the skill; however, the combination of network access and private key access increases the potential for exfiltration if the MCP server is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 01:42 PM