nansen-wallet

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the nansen-cli package through the Node.js registry. This package is a verified vendor resource belonging to the author nansen-ai.
  • [COMMAND_EXECUTION]: The skill utilizes Bash to execute various nansen commands for wallet creation, balance checking, and token transfers. It manages sensitive environment variables like NANSEN_API_KEY and NANSEN_WALLET_PASSWORD, and references a local credential file path (~/.nansen/wallets/.credentials) as a fallback storage mechanism.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided inputs into shell commands. Ingestion points: Command arguments for recipient addresses, amounts, and passwords in SKILL.md. Boundary markers: Absent. Capability inventory: Includes token transfers (nansen wallet send) and sensitive data exports (nansen wallet export). Sanitization: No explicit sanitization or validation of the input strings is described in the skill body.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 12:39 PM