mcp-wallet
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation specifies that when persistence is enabled, wallet information is stored as unencrypted, plaintext JSON in the file path `.xno-mcp/wallets.json`. This practice exposes cryptocurrency seeds and private keys to any user or process with read access to the local file system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data and possessing high-privilege financial capabilities.
  - Ingestion points: The agent ingests data from external account states and transaction blocks via the `xno-mcp` service (SKILL.md).
  - Boundary markers: There are no specified boundary markers or instructions to ignore embedded commands within the processed transaction data.
  - Capability inventory: The skill has the capability to move funds (`wallet_send`) and modify account states (`wallet_receive`, `wallet_create`).
  - Sanitization: No sanitization or validation logic is defined for data received from the external MCP server before it is used to influence agent decisions.
Audit Metadata