tronbox
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `unbox` command allows users to download project templates from remote repositories or registries, which is a standard feature for project scaffolding. The `init` command may also trigger package installation using `npm` if a `package.json` file is present in the initialized project.
- [COMMAND_EXECUTION]: The framework executes JavaScript-based migration files and test suites. This execution is part of the tool's primary purpose for managing smart contract deployments and verifying code correctness.
- [CREDENTIALS_UNSAFE]: The documentation covers the configuration of private keys and mnemonics required for signing blockchain transactions. It explicitly recommends using environment variables to manage these secrets, following industry best practices to prevent accidental exposure.
Audit Metadata