web3-foundry
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected in the skill instructions or provided reference files.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of well-known formal verification tools 'halmos' and 'certora-cli' via the standard Python package manager (pip). It also points to the official 'forge-std' repository on GitHub for cheatcode documentation. These are trusted resources within the Ethereum development ecosystem.
- [COMMAND_EXECUTION]: The skill provides templates for standard development and testing commands using the 'forge', 'halmos', and 'certora' CLI tools. These are legitimate tools used in the smart contract development lifecycle for testing and deployment.
- [CREDENTIALS_UNSAFE]: The documentation mentions using environment variables like 'PRIVATE_KEY' and 'MNEMONIC' for deployment scripts. This is a standard and recommended practice to avoid hardcoding secrets, and the skill only provides placeholders for these variables.
Audit Metadata