signet

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): Uses npx to execute the @signet-base/cli package from an unverified npm organization. This allows for arbitrary code execution at runtime.
  • [CREDENTIALS_UNSAFE] (HIGH): Explicitly suggests passing a PRIVATE_KEY via environment variables or command-line arguments. This pattern is highly insecure as it exposes sensitive credentials in process lists, history, and agent logs.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Dynamically downloads and runs external scripts from the npm registry without version pinning or integrity verification.
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection.
      ◦ Ingestion points: Fetches url and metadata from https://signet.sebayaki.com/api/signature/list.
      ◦ Boundary markers: Absent; no delimiters are used to separate untrusted API data from the agent's instructions.
      ◦ Capability inventory: Has the ability to execute CLI commands and sign on-chain transactions.
      ◦ Sanitization: No evidence of validation or sanitization for the ad content retrieved from the platform.
  • [COMMAND_EXECUTION] (MEDIUM): Orchestrates system-level execution of npx and curl commands, which could be manipulated if input parameters (like URLs) are not strictly controlled.
  • [DATA_EXFILTRATION] (MEDIUM): Communicates with a non-whitelisted external domain signet.sebayaki.com to post data and fetch transaction requirements.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:57 PM