light-token-client
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions and provided code examples explicitly read sensitive Solana identity information from the local file path
~/.config/solana/id.json. This file contains the private key used to sign transactions. - [EXTERNAL_DOWNLOADS]: The skill refers to external software packages and documentation hosted on GitHub and official package registries by the vendor Lightprotocol.
- [COMMAND_EXECUTION]: The operational workflow involves running shell commands using
nodeandcargoto execute JavaScript and Rust code examples provided in the skill references.
Audit Metadata