moltycash
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill requires EVM_PRIVATE_KEY and SVM_PRIVATE_KEY environment variables to be set. These keys grant full control over the user's blockchain assets.
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to run npx moltycash, which dynamically downloads and executes code from the public NPM registry. The package is not from a trusted organization, posing a significant supply chain risk.
- COMMAND_EXECUTION (MEDIUM): The skill facilitates the execution of shell commands that ingest private keys, which could be exfiltrated if the underlying package is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata