nara
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages wallet private keys stored in plaintext at
~/.config/nara/id.jsonand provides commands to import mnemonics and private keys directly via command-line arguments. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install the
naraclipackage from the public npm registry. - [COMMAND_EXECUTION]: The skill relies on executing various shell commands through the
naraclitool to perform blockchain operations, wallet management, and configuration changes. - [DATA_EXFILTRATION]: Commands such as
skills uploadandagent upload-memoryread local files and transmit their contents to the Nara blockchain, which is a public ledger. - [REMOTE_CODE_EXECUTION]: Use of
npx naracliinvolves the dynamic download and execution of code from the npm registry at runtime. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from data retrieved from the blockchain via
quest get,skills content, andagent memorycommands. - Ingestion points: Output from blockchain data retrieval commands (SKILL.md).
- Boundary markers: No delimiters or warnings are used to separate untrusted blockchain data from agent instructions.
- Capability inventory: Subprocess command execution, file reading, and wallet transfer capabilities (SKILL.md).
- Sanitization: No evidence of sanitization or validation of the content retrieved from the blockchain.
Audit Metadata