moralis-streams-api
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily composed of rule files and documentation for interacting with the Moralis Streams API. It does not contain any malicious code, obfuscation, or unauthorized data access patterns. All network operations are directed to official Moralis domains.
- [DATA_EXFILTRATION]: While the skill manages a sensitive API key (`MORALIS_API_KEY`), it provides explicit instructions to the agent to avoid requesting this key in chat, instead utilizing local environment files for secure storage. All API communication is directed to the vendor's legitimate endpoints (api.moralis-streams.com).
- [PROMPT_INJECTION]: The skill facilitates the setup of blockchain event webhooks. While the ingestion of external data from the blockchain can serve as an attack surface for indirect prompt injection, the skill itself focuses on API configuration and includes security documentation on signature verification to mitigate potential risks.
  - Ingestion points: External blockchain data delivered via webhooks from the Moralis API (documented in `references/WebhookResponseBody.md`).
  - Boundary markers: The skill does not provide a processing runtime, but it includes documentation for users to implement signature checks in their own handlers (`references/WebhookSecurity.md`).
  - Capability inventory: The skill uses `Bash` to execute `curl` for managing API settings and stream configurations.
  - Sanitization: The documentation provides examples of how to verify SHA3 signatures to ensure the authenticity of incoming webhook data.
Audit Metadata