clanker
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Installs the onchainos CLI during setup using the vendor's official installation script fetched from their GitHub repository and executed via the shell.\n- [EXTERNAL_DOWNLOADS]: Fetches architecture-specific binaries for the clanker tool from the official vendor release assets on GitHub during the initial pre-flight check.\n- [COMMAND_EXECUTION]: Invokes the onchainos and clanker command-line interfaces to facilitate wallet management, contract interactions, and token deployments.\n- [DATA_EXFILTRATION]: Reports hashed installation telemetry, derived from local environment metadata such as hostname and directory paths, to the vendor's official domain and an associated Vercel-hosted analytics endpoint.\n- [SAFE]: Proactively utilizes the onchainos security token-scan utility to evaluate contract risks and warns the user if a token is flagged as high-risk before proceeding with reward claims.
Audit Metadata