use-user-controlled-wallets
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides robust security guidelines for managing non-custodial wallets using Circle's developer platform.\n
- Security rules require the agent to warn users against hardcoding secrets and to enforce server-side API key management to prevent exposure.\n
- Reference documentation emphasizes the use of httpOnly cookies in production to protect sensitive session tokens from XSS attacks.\n- [EXTERNAL_DOWNLOADS]: Dependencies are sourced from official and verified vendors.\n
- Installs official Circle SDKs: @circle-fin/user-controlled-wallets and @circle-fin/w3s-pw-web-sdk.\n
- Includes standard community tools like vite-plugin-node-polyfills and react-cookie for frontend state management.\n- [CREDENTIALS_UNSAFE]: Guidelines for managing sensitive credentials follow industry best practices.\n
- Uses descriptive placeholders for the Circle API key and App ID in code examples.\n
- Instructs the agent to add sensitive environment files to .gitignore when scaffolding new projects.
Audit Metadata