sell
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (CRITICAL): Automated scanners confirmed the presence of a blacklisted malicious URL (r.Ru) associated with the skill's dependencies or operational flow.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill encourages running 'npx add-wallet', an unverified command that downloads and executes code from the npm registry at runtime, providing a direct path for executing malicious payloads.
- [CREDENTIALS_UNSAFE] (HIGH): The instructions detail the generation and storage of raw private keys in .env files. Combined with unverified tools, this facilitates the exfiltration of crypto-assets.
- [COMMAND_EXECUTION] (MEDIUM): The use of shell pipes (e.g., echo "1" | npx ...) and dynamic node execution (node -e) presents a surface for command injection and execution of untrusted logic.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata