aave-integration
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates standard DeFi operations (supply, borrow, repay, withdraw) via the official AAVE V3 protocol contracts on Ethereum and Arbitrum. The addresses defined in 'lib/addresses.ts' and documentation match the verified deployments of the AAVE protocol.
- [SAFE]: Strict input validation is implemented across the skill's CLI tools and library functions, utilizing 'assertAddress', 'assertChainId', and 'assertPositiveAmount' to mitigate risks from malformed or malicious inputs.
- [SAFE]: Secrets management is handled securely by referencing environment variables (e.g., 'AAVE_EXEC_PRIVATE_KEY') for transaction signing, avoiding hardcoded credentials in the source code.
- [SAFE]: Outbound network communication is restricted to reputable public blockchain RPC endpoints or user-defined URLs provided through environment variables, with no evidence of unauthorized data exfiltration.
- [SAFE]: The skill uses established and reputable dependencies, primarily the 'viem' library, for all blockchain communication and contract interactions.
Audit Metadata