citrea-claw-skill

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill interacts with the Citrea mainnet using the 'viem' library and a public RPC endpoint (https://rpc.mainnet.citrea.xyz). These interactions are limited to read-only blockchain queries for token balances, event logs, and contract states, which are necessary for its monitoring features.
  • [SAFE]: External communication is restricted to official infrastructure, including the Telegram Bot API (https://api.telegram.org) for alerts and the RedStone Oracle contracts for price data. No unauthorized external data exfiltration was detected.
  • [SAFE]: Sensitive data such as the Telegram Bot Token is managed exclusively through environment variables, preventing the accidental exposure of credentials in the source code.
  • [SAFE]: An analysis of the project's dependencies confirms the use of standard and reputable Node.js packages (viem, dotenv). No malicious or unverified dependencies are present.
  • [SAFE]: The skill does not implement any mechanisms for arbitrary code execution, privilege escalation, or persistence. All commands are CLI-driven and perform deterministic monitoring tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 03:37 AM