Skills
skills/nansen-ai/nansen-cli/nansen-wallet-manager/Gen Agent Trust Hub

nansen-wallet-manager

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes functionality to export private keys using the nansen wallet export <name> command. This action retrieves sensitive cryptographic material and displays it in the agent's output, potentially exposing the keys in conversation logs or history.
  • [COMMAND_EXECUTION]: The skill enables high-risk financial operations, specifically the nansen wallet send command for transferring native tokens (ETH, SOL) across EVM and Solana chains. These operations are executed with passwords automatically resolved from the OS keychain, reducing the human oversight required for transactions.
  • [DATA_EXFILTRATION]: The skill references the fallback storage location ~/.nansen/wallets/.credentials. Accessing or storing sensitive data in a plaintext file fallback rather than the OS keychain increases the risk of credential exposure on the local filesystem.
  • [CREDENTIALS_UNSAFE]: The skill requires the management of sensitive environment variables including PRIVY_APP_SECRET and NANSEN_WALLET_PASSWORD. While the documentation provides guidance on secure handling, the presence of these secrets in the execution environment remains a point of sensitivity.
  • [EXTERNAL_DOWNLOADS]: The skill configures the installation of the nansen-cli Node.js package. This is a vendor-owned resource provided by the author nansen-ai.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
  • Ingestion points: The skill retrieves external data such as blockchain labels and research profiles using the nansen research profiler labels command.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious content embedded in the retrieved blockchain data.
  • Capability inventory: The skill possesses significant capabilities including token transfers (send), key exports (export), and wallet deletion.
  • Sanitization: There is no mention of sanitization or validation of the data retrieved from the blockchain before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 01:11 PM