sp3nd
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires access to a Solana wallet's private key, typically stored in a local
.wallet.jsonfile, to sign and authorize USDC payments. This is a core requirement for the skill's autonomous payment functionality. - [COMMAND_EXECUTION]: The README and installation guide include shell commands for setting up the skill, including the use of
npxand filesystem operations to install the skill in specific agent directories (e.g.,~/.claude/skills/). - [EXTERNAL_DOWNLOADS]: The skill and its demonstration scripts interact with external API endpoints at
sp3nd.shop(via Firebase Cloud Functions) andfacilitator.payai.networkto manage the registration, cart, ordering, and transaction settlement processes.
Audit Metadata