gmgn-cooking
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages sensitive cryptographic material, including an API key and a private key. It correctly instructs the agent to store these in a hidden configuration file (~/.config/gmgn/.env) with restricted file permissions (chmod 600) to prevent unauthorized access. It emphasizes that the private key is used only for local transaction signing and never transmitted over the network.
- [COMMAND_EXECUTION]: The skill utilizes several CLI utilities including the vendor's gmgn-cli, openssl for secure key generation, and base64 for image processing. These commands are necessary for the skill's primary function of deploying on-chain assets and are executed locally within the user's environment.
- [EXTERNAL_DOWNLOADS]: For connectivity troubleshooting, the skill references the well-known IP discovery service https://ipv6.icanhazip.com. This is a standard diagnostic practice for determining outbound network configuration and does not involve the execution of remote code.
Audit Metadata