sablier-withdraw-vesting
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands via cast, curl, and jq to query the indexer and execute on-chain transactions. These tools are standard for EVM interaction and are used within a strictly defined sequence.
- [EXTERNAL_DOWNLOADS]: Data is fetched from the Sablier indexer at indexer.hyperindex.xyz to discover user streams. This is an operational requirement for the skill's primary function and targets a known infrastructure endpoint for the protocol.
- [DATA_EXFILTRATION]: The skill explicitly avoids handling private keys directly. It prefers the cast --browser method, which delegates the sensitive signing process to the user's own browser-based wallet extension (like MetaMask), ensuring that no credentials are captured by the agent or stored in chat logs.
Audit Metadata