cobo-agentic-wallet-sandbox-test
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The installation script
scripts/bootstrap-env.shdownloads binaries for the wallet CLI and TSS node from verified vendor-owned domains (cobo.com). These operations are consistent with the skill's primary purpose and utilize established service endpoints. - [SAFE]: The prompt injection patterns identified in
references/security.mdare documented as negative examples within a defensive guide. These instructions explicitly teach the agent to refuse and report malicious attempts found in external content. - [SAFE]: The skill uses official package managers (
pip,npm) to install vendor-maintained libraries (cobo-agentic-wallet,@cobo/agentic-wallet). - [SAFE]: Dynamic script execution and management in
references/sdk-scripting.mdare core features intended for wallet automation and strategy execution. The instructions emphasize local storage, parameterization, and script reuse rather than execution of untrusted remote content. - [SAFE]: Transaction security is reinforced by a mandatory 'Execution Authorization' flow, ensuring that high-risk operations like smart contract calls require manual approval from the wallet owner.
Audit Metadata