Skills
skills/casualsecurityinc/xno-skills/create-wallet/Gen Agent Trust Hub

create-wallet

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y xno-skills to download the xno-skills package from the NPM registry during execution.
  • [REMOTE_CODE_EXECUTION]: Executing packages directly via npx at runtime without pinned versions allows for the execution of external code.
  • [COMMAND_EXECUTION]: The skill invokes shell commands for cryptographic wallet management.
  • [CREDENTIALS_UNSAFE]: The probe-mnemonic command passes a sensitive mnemonic phrase as a direct command-line argument, making it potentially visible in process lists or shell history.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 05:24 AM