Skills
skills/lawson-ccy/skills/lista/Gen Agent Trust Hub

lista

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a bundled JavaScript utility (scripts/moolah.js) via the Node.js runtime to perform blockchain operations and API requests. The script handles manual ABI processing and direct RPC communication.
  • [COMMAND_EXECUTION]: Uses shell commands to read and write user configuration data, such as language choices and wallet addresses, to the local filesystem at ~/.lista/.
  • [DATA_EXFILTRATION]: Transmits wallet addresses to external services including the official Lista API (api.lista.org) and public blockchain RPC nodes (bsc-dataseed.bnbchain.org, eth.drpc.org). These operations are necessary for the skill's features but involve sending user-identifying data to third-party servers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 01:39 PM