tonapi
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `eval` for script argument manipulation and `python3 -c` for utility tasks such as URL encoding and currency unit conversion. These operations are implemented safely using shell-quoting (`printf %q`) and do not process untrusted external input as executable code.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests using `curl` to `tonapi.io` and `rt.tonapi.io`. These are the official API endpoints for the TonAPI service and are used exclusively for the primary purpose of the skill.
- [CREDENTIALS_UNSAFE]: `config/README.md` contains a mock API token used for documentation purposes. It is clearly labeled as an example for user configuration and does not represent a leaked or hardcoded secret.
- [DATA_EXPOSURE]: The skill accesses a local configuration file `config/.env` to retrieve the user's API token. This is the intended and standard method for managing credentials in this skill.
Audit Metadata