aave-v3
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes an environment setup script directly from the vendor's official GitHub repository during the initialization phase to ensure platform dependencies are met.
- [EXTERNAL_DOWNLOADS]: Fetches pre-compiled CLI binaries for aave-v3 from the vendor's GitHub releases, which are used to construct protocol interactions.
- [DATA_EXFILTRATION]: Generates a hashed device identifier using system metadata (hostname and home directory path) and transmits it to the vendor's telemetry endpoints for installation reporting; the raw sensitive values are not transmitted.
- [COMMAND_EXECUTION]: Utilizes the onchainos CLI and the downloaded aave-v3 binary to manage blockchain interactions, wallet status checks, and transaction submissions.
- [SAFE]: Implements a clear data trust boundary by instructing the agent to treat all blockchain-derived outputs as untrusted and requiring explicit user confirmation before broadcasting any write operations.
Audit Metadata