rwa-wallet
Audited by Snyk on Apr 2, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding sensitive values (seed phrases, private keys, passphrases) directly in CLI commands and examples (e.g. --seed-phrase "...", --private-key <BASE58>, export RWA_PASSPHRASE="..."). This requires the LLM to handle or emit secret values verbatim, and a secret passed as a command-line argument or exported environment variable is also recorded in shell history, visible in process listings and retained in the agent's transcript, so it is high-risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The raw.githubusercontent.com link points directly at an install.sh intended to be run via curl | sh (high-risk: arbitrary code execution from an unvetted repo). The link references the main branch rather than a commit, so the script can change after it has been reviewed. The placeholder https://your-rpc-endpoint.com could be an attacker-controlled RPC endpoint that intercepts or manipulates wallet traffic, such as the transactions submitted and the balances and blockhashes returned. Together these form a suspicious, high-risk distribution and remote-control vector.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and executing an install script from a public GitHub URL ("curl -fsSL https://raw.githubusercontent.com/outputlayer/rwa_cli/main/install.sh | sh"). That script is open third-party content the agent would ingest and execute, so whoever can modify the file can inject instructions that materially change the agent's behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's install step runs curl -fsSL https://raw.githubusercontent.com/outputlayer/rwa_cli/main/install.sh | sh, which fetches and directly executes a remote shell script at runtime, making it a required external dependency that executes remote code.
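For the three findings above (E005, W011, W012), the practitioner's alternative to piping a branch-tip script into sh is to pin an immutable commit, fetch into memory, compare a digest obtained out of band, and only then stage and execute. The following is an added example, not code from the audited skill or from the rwa_cli project; the commit SHA, the expected digest and the injectable fetch callable are placeholders so the flow can be exercised offline.

```python
"""Pinned, digest-checked replacement for `curl -fsSL .../main/install.sh | sh`.

Added example, not the audited skill's or rwa_cli's own code. The commit SHA
and expected digest are placeholders the reviewer obtains out of band (a
release note, a signed manifest); the fetch callable is injectable so the
flow can be exercised without network access.
"""
import hashlib
import re
import subprocess
import tempfile
import urllib.request
from typing import Callable, Optional

RAW_HOST = "https://raw.githubusercontent.com"
COMMIT_SHA_RE = re.compile(r"[0-9a-f]{40}")
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pinned_raw_url(owner: str, repo: str, commit: str, path: str) -> str:
    """Reference an immutable commit; a branch like 'main' can move after review."""
    if not COMMIT_SHA_RE.fullmatch(commit):
        raise ValueError(f"ref {commit!r} is not a full commit SHA")
    return f"{RAW_HOST}/{owner}/{repo}/{commit}/{path.lstrip('/')}"


def verify_digest(data: bytes, expected_sha256: str) -> bool:
    if not SHA256_RE.fullmatch(expected_sha256.lower()):
        raise ValueError("expected digest must be 64 hex characters")
    return sha256_hex(data) == expected_sha256.lower()


def _http_fetch(url: str) -> bytes:
    # Real network path; the demo and tests inject a fake fetcher instead.
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


def fetch_and_stage(url: str, expected_sha256: str,
                    fetch: Optional[Callable[[str], bytes]] = None) -> str:
    """Download to memory, check the digest, and only then write the script
    to disk. Returns the staged path; unverified bytes never reach a shell."""
    data = (fetch or _http_fetch)(url)
    if not verify_digest(data, expected_sha256):
        raise RuntimeError(f"digest mismatch for {url}: refusing to stage")
    with tempfile.NamedTemporaryFile("wb", suffix=".sh", delete=False) as f:
        f.write(data)
        return f.name


def run_staged(path: str) -> int:
    """Execute the verified script in a child shell and hand back its exit code."""
    return subprocess.run(["sh", path], check=False).returncode


if __name__ == "__main__":
    # Offline demo with a constructed script. For a real install, omit the
    # fetch= argument and pass the reviewed commit SHA and its published digest.
    demo_script = b"#!/bin/sh\necho 'verified install would run here'\n"
    url = pinned_raw_url("outputlayer", "rwa_cli", "0" * 40, "install.sh")
    staged = fetch_and_stage(url, sha256_hex(demo_script), fetch=lambda _: demo_script)
    raise SystemExit(run_staged(staged))
```

The digest check is what turns "trust whatever the URL serves today" into "trust the bytes a human reviewed"; pinning the commit closes the same gap on the GitHub side, since a branch name can be force-pushed after the review.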
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Solana wallet/transfer tool. It includes commands to create/import/encrypt private keys and seed phrases, show addresses, and, crucially, send funds (e.g. "rwa --json gm send SOL ...", "send USDC all", "reclaim", "send TSLA 0.5 -y"). It instructs on full withdrawal flows, reclaiming lamports, RPC endpoints, and passphrase handling, and the -y flag in the send example suppresses the interactive confirmation that would otherwise stand between the agent and an outbound transfer. These are direct crypto/blockchain transaction and wallet management capabilities (signing and sending transfers), not generic tooling.
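The five findings (W007, E005, W011, W012, W009) are all textual patterns in SKILL.md, so a reviewer can pre-screen a skill for them before it reaches an agent. The following linter is an added example: it is not Snyk's scanner and not code from the audited skill or the rwa_cli project, and both the rule set and the sample SKILL.md text it runs over are constructed for illustration. It generalizes slightly beyond the page by also catching wget pipelines and other common secret flag names.

```python
"""Lint an agent skill's SKILL.md for the patterns this audit flags: secrets
passed on the command line or exported in the shell, pipe-to-shell installs
from unpinned URLs, placeholder endpoints, and fund-moving commands that
suppress interactive confirmation.

Added example; the rules and the sample text are constructed and are not
Snyk's scanner or the audited skill's own SKILL.md.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    line_no: int
    text: str


RULES = {
    # W007: secret material handed to a process via argv or env, where it
    # lands in shell history, process listings and the model's transcript.
    "secret_on_cli": re.compile(r"--(seed-phrase|private-key|passphrase|mnemonic)\b"),
    "secret_in_env": re.compile(r"\bexport\s+\w*(PASSPHRASE|PRIVATE_KEY|SEED|SECRET)\w*="),
    # E005 / W011 / W012: remote script executed without ever landing on disk.
    "pipe_to_shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b"),
    # Branch ref instead of a commit SHA: content can change after review.
    "unpinned_raw_url": re.compile(r"raw\.githubusercontent\.com/[^/\s]+/[^/\s]+/(main|master|HEAD)/"),
    # Placeholder hosts the operator is expected to swap for a real endpoint.
    "placeholder_endpoint": re.compile(r"https?://your-[\w.-]*"),
    # W009: outbound transfer with the confirmation prompt suppressed.
    "unconfirmed_send": re.compile(r"\bsend\b.*\s(-y|--yes)\b"),
}


def lint_skill(text: str) -> List[Finding]:
    """Return one Finding per (rule, line) hit, in document order."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append(Finding(rule, n, line.strip()))
    return findings


# Constructed sample modelled on the commands quoted in the audit; not the real file.
SAMPLE_SKILL_MD = """\
# rwa-wallet (constructed sample, not the real SKILL.md)
Install: curl -fsSL https://raw.githubusercontent.com/outputlayer/rwa_cli/main/install.sh | sh
Import:  rwa import --seed-phrase "word1 word2 ..."
Config:  export RWA_PASSPHRASE="..."
RPC:     rwa config --rpc https://your-rpc-endpoint.com
Send:    rwa --json gm send TSLA 0.5 -y
Balance: rwa balance
"""

if __name__ == "__main__":
    for f in lint_skill(SAMPLE_SKILL_MD):
        print(f"{f.rule:22} line {f.line_no}: {f.text}")
```

Run against the sample, the install line trips two rules (pipe_to_shell and unpinned_raw_url), the import, export, RPC and send lines trip one each, and the balance line is clean. A hit is a review prompt, not a verdict: "send ... -y" is legitimate in a CI script, but in instructions an LLM follows it removes the last human checkpoint before funds move.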
Issues (5)
- Insecure credential handling detected in skill instructions.
- Suspicious download URL detected in skill instructions.
- Third-party content exposure detected (indirect prompt injection risk).
- Unverifiable external dependency detected (runtime URL that controls agent).
- Direct money access capability detected (payment gateways, crypto, banking).