escrow-agent
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to install multiple packages (
escrowagent-sdk,escrowagent-agent-tools) from an unverified source (cruellacodes). These packages are not hosted within the trusted organizations list and have not been audited for safety. - [CREDENTIALS_UNSAFE] (MEDIUM): The skill documentation requires users to provide
AGENT_PRIVATE_KEYandBASE_PRIVATE_KEYvia environment variables. While necessary for blockchain operations, providing raw private keys to unverified SDKs and MCP servers poses a significant risk of credential theft if the underlying code is compromised. - [COMMAND_EXECUTION] (MEDIUM): The skill uses
npxto execute remote code at runtime (npx escrowagent@latest initandnpx skills add cruellacodes/escrowagent). This 'download and execute' pattern from an unverified author allows for arbitrary command execution on the host machine. - [DATA_EXPOSURE] (LOW): The skill references external infrastructure (e.g.,
escrowagent.onrender.com,escrowagent.vercel.app) for indexing and API services. While not explicitly malicious, interacting with these unverified endpoints with agent-specific data can lead to metadata exposure. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk: The skill processes external data such as 'task descriptions' and 'proof data' within the
createEscrowandsubmitProofmethods (SKILL.md). - Ingestion points:
createEscrowtask object,submitProofdata object. - Boundary markers: Absent; no delimiters or 'ignore' instructions for the task metadata.
- Capability inventory: Transaction execution, fund locking/releasing, reputation querying.
- Sanitization: Absent; the data is passed directly into the tool context.
Audit Metadata