jaw-cli
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the
@jaw.id/clipackage from the NPM registry and references the Foundrycasttool for calldata encoding. - [COMMAND_EXECUTION]: The skill instructions involve executing the
jawCLI binary for wallet management, configuration, and RPC calls. It also describes the setup of an MCP server (jaw mcp) which runs as a persistent subprocess within the AI agent environment. - [DATA_EXFILTRATION]: The skill performs network requests to
api.justaname.idfor ENS resolution and communicates withkeys.jaw.idfor session management and transaction signing. These operations are functional requirements for the author's service. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in
rules/ens-resolution.mdwhere the agent fetches external data used to define transaction parameters. - Ingestion points: Fetches ENS records from
https://api.justaname.id/ens/v1/subname/records(rules/ens-resolution.md). - Boundary markers: None explicitly defined for the API response, though specific parsing rules are provided.
- Capability inventory: Sensitive wallet capabilities including
wallet_sendCallsandeth_sendTransaction(rules/api-reference.md, rules/transactions.md). - Sanitization: Instructions provide specific logic for extracting addresses from the
coinsarray based on chain IDs and require showing the resolved address to the user, which mitigates the risk of processing arbitrary data.
Audit Metadata