alchemy-web3
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The overall security posture of the skill is safe, with no detected prompt injections, obfuscation, or malicious persistence mechanisms.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to official Alchemy API subdomains (e.g., g.alchemy.com) to retrieve on-chain data. These operations target a well-known service and are documented as the core functionality of the skill.
- [COMMAND_EXECUTION]: The provided shell script 'scripts/alchemy.sh' uses standard local utilities such as curl, jq, and bc to fetch and format blockchain data. These command executions are limited to processing data from trusted API responses.
- [SAFE]: Credential management is implemented using standard environment variable configuration, loading the ALCHEMY_API_KEY from the local ~/.openclaw/.env file, which is the prescribed security pattern for this environment.
Audit Metadata