switchboard
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Several scripts, including
examples/setup/example.ts,examples/feeds/pull-feed.ts, andexamples/feeds/oracle-quote.ts, implement aloadWalletfunction that reads the user's Solana private key from~/.config/solana/id.jsonusingfs.readFileSync. Direct access to sensitive credential files is a high-risk pattern. - [EXTERNAL_DOWNLOADS] (MEDIUM): Documentation in
resources/github-repos.mdand code imports reference packages from the@switchboard-xyzand@coral-xyznamespaces, and suggest cloning from theswitchboard-xyzGitHub organization. As these sources are not in the predefined trusted list, they represent unverifiable external dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata