crypto-wallet-testing
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute a shell script from a remote URL (
https://raw.githubusercontent.com/ggonzalez94/defi-cli/main/scripts/install.sh) using thecurl | shpattern. This is a high-risk behavior that executes arbitrary code from an external source without verification or integrity checks. - [CREDENTIALS_UNSAFE]: The skill is designed to manage and use raw, unencrypted cryptographic private keys. It specifically directs the agent to read these keys from local files (
~/.config/crypto-wallet-testing/pk.hex) or environment variables (TESTING_WALLET_PK). Handling raw private keys in plaintext significantly increases the risk of credential exposure and theft. - [COMMAND_EXECUTION]: The skill relies on various system-level commands and third-party CLI tools (such as
castand the customdefiCLI) to perform operations. These tools are used to read sensitive files and interact with blockchain networks, providing multiple vectors for potential data exfiltration if the environment is compromised.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ggonzalez94/defi-cli/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata