senpi-onboard
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically installs additional agent skills from the vendor's GitHub repository using 'npx skills add'. It also executes code for wallet generation using 'npx'.
- [EXTERNAL_DOWNLOADS]: Fetches npm packages including 'mcporter' and 'ethers' at runtime and retrieves platform data from Supabase functions.
- [COMMAND_EXECUTION]: Uses shell commands, 'awk', and inline Node.js execution to manage state files, create configuration files, and interact with platform APIs.
- [DATA_EXFILTRATION]: Transmits user identity metadata, such as Telegram IDs or wallet addresses, to the platform's backend for account creation and registration.
- [CREDENTIALS_UNSAFE]: Generates sensitive cryptographic secrets, including private keys and mnemonics, and stores them in plaintext files within the local configuration directory. Although restricted file permissions are applied, storing these secrets on disk is a high-sensitivity operation.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the 'USER.md' file and external API responses. Boundary markers are absent for this data. The capability inventory includes subprocess execution and remote code installation. Sanitization of the ingested data is not explicitly performed beyond basic string manipulation.