evm-deployment
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the Foundry suite (
forge,cast) for deploying smart contracts, verifying source code on block explorers, and performing on-chain transactions like token minting. - [EXTERNAL_DOWNLOADS]: The skill utilizes
bun installto manage project dependencies. These packages (e.g.,@sablier/evm-utils) are scoped to the official Sablier organization and are consistent with the skill's purpose. - [REMOTE_CODE_EXECUTION]: Contains a Python snippet designed to extract constructor arguments from local broadcast files. This is a local data manipulation task and does not involve fetching or executing code from untrusted remote servers.
- [CREDENTIALS_UNSAFE]: The workflow requires a
PRIVATE_KEYfor signing deployment transactions. The skill follows established security best practices by instructing the user to store the key in a local.envfile rather than hardcoding it.
Audit Metadata