gmgn-portfolio
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the
gmgn-clipackage (version 1.0.1) from npm. This tool is the core component provided by the vendor (GMGNAI) for accessing their API services. - [COMMAND_EXECUTION]: The skill facilitates the execution of various sub-commands through the
gmgn-cliutility. It passes user-supplied arguments, such as wallet addresses and token addresses, directly to the command-line interface to fetch portfolio metrics. - [CREDENTIALS_UNSAFE]: The skill documentation specifies that a
GMGN_API_KEYmust be configured in a.envfile for the tool to function. It does not hardcode any sensitive credentials or provide mechanisms for unauthorized credential access. - [SAFE]: The skill includes explicit notes regarding input validation, stating that wallet and token addresses are validated against expected blockchain formats (Base58 for Solana, Hex for BSC/Base) at runtime before the commands are executed. This serves as a safeguard against common command injection or malformed input issues.
Audit Metadata