moca-proof
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local configuration files (
.air-wallet-config.json) and cryptographic keys (p256-private-key.pem,p256-public-key.pem) to perform authenticated requests and generate digital signatures. This access is consistent with the skill's primary function. - [COMMAND_EXECUTION]: Provided JavaScript scripts (
moca-complete-program.mjs,moca-get-mocat.mjs) use Node.js built-in modules (node:crypto,node:fs) to process data and interact with APIs. - [SAFE]: Network activity is directed to official or staging endpoints for the Moca Network and its partners (e.g., moca.network, mocachain.org, air3.com). No unauthorized or suspicious data exfiltration was detected.
- [SAFE]: Hardcoded values such as the staging partner ID and the checksum salt are used for deterministic processing and development defaults, not as sensitive production secrets.
Audit Metadata