meteora
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of several external packages from the
@meteora-agNPM scope, such as@meteora-ag/dlmm,@meteora-ag/cp-amm-sdk, and@meteora-ag/dynamic-bonding-curve-sdk. Since the 'MeteoraAg' organization is not included in the trusted source whitelist, these dependencies are classified as unverifiable. - [CREDENTIALS_UNSAFE] (LOW): Nearly all executable example files (e.g.,
templates/trading-bot.ts,examples/dlmm/swap.ts,examples/dlmm/add-liquidity.ts) access sensitive wallet credentials throughprocess.env.WALLET_SECRET_KEY. While environment variables are used instead of hardcoding, users must ensure the environment is securely isolated to prevent the AI agent from accidentally exposing or misusing the private key. - [COMMAND_EXECUTION] (SAFE): The scripts facilitate blockchain interactions by constructing and sending transactions using the standard
sendAndConfirmTransactionmethod. This behavior is expected and aligns with the primary purpose of the skill.
Audit Metadata