Skills
skills/casualsecurityinc/xno-skills/nano-verify-message/Gen Agent Trust Hub

nano-verify-message

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for using the xno-skills CLI tool to verify signatures. It explicitly directs the agent to use standard subcommands like verify and --help to ensure predictable behavior.
  • [EXTERNAL_DOWNLOADS]: The instructions utilize bunx, pnpm dlx, and npx to fetch and execute the xno-skills package from the npm registry. This is a standard practice for utilizing the latest version of a trusted command-line utility.
  • [CREDENTIALS_UNSAFE]: The skill contains a 'Safety & Best Practices' section that explicitly forbids the export of mnemonics or seed phrases, stating that the purpose of the associated wallet standard is to keep these secrets hidden from the agent.
  • [REMOTE_CODE_EXECUTION]: The skill explicitly prohibits the creation of custom Node.js/TypeScript scripts or the use of curl for protocol interactions, mitigating the risk of arbitrary code execution or unverified network requests.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:24 AM