Skills
skills/casualsecurityinc/xno-skills/nano/Gen Agent Trust Hub

nano

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bunx, pnpm, or npx to execute the xno-skills CLI tool for wallet operations. This execution is limited to specific commands and incorporates safety checks to prevent arbitrary command injection.
  • [EXTERNAL_DOWNLOADS]: The CLI tool is fetched from the npm registry using the @latest tag. This is the intended fallback mechanism for the skill's operation when the MCP environment is unavailable.
  • [DATA_EXFILTRATION]: The skill communicates with public Nano RPC nodes like rainstorm.city and 0x.no. These interactions are standard for querying blockchain state and broadcasting transactions, and the skill explicitly prohibits the use of generic tools like curl for these operations.
  • [PROMPT_INJECTION]: The skill contains negative constraints and safety rules (e.g., 'Never export mnemonics') designed to guide the agent toward secure behavior rather than overriding system instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 06:04 PM