onboarding-to-agentbeat

Fail

Audited by Socket on Feb 14, 2026

2 alerts found:

Malware, Anomaly

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:

[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The material describes a legitimate, high-risk onboarding workflow for on-chain agent identity and x402-based payments, with explicit security guidance. It necessitates careful credential hygiene, dependency auditing, and secure signing practices. While not inherently malicious, the workflow expands attack surfaces through private-key handling and multiple external services, so strict operational controls are required in production. Treat as high-risk but benign with proper safeguards and verified dependencies.

LLM verification: This skill's stated purpose matches its capabilities and the described file/network operations are generally necessary for on-chain onboarding. No explicit malicious code is present in the provided text. However there are notable supply-chain and data-flow risks: npm package installs run at runtime (possible arbitrary code execution), and sensitive data (wallet keys and single-use vouchers) are persisted locally and sent to external services (facilitator.world.fun, api.agentbeat.fun). The facili

Confidence: 95%, Severity: 90%

Anomaly: LOW
reference/wallet-setup.md

The code demonstrates legitimate wallet generation capabilities but uses dangerous patterns by printing private keys to stdout and persisting plaintext private keys to disk. In a software supply-chain context, this is a high-risk pattern because it can lead to key leakage and unauthorized access if logs or backups are compromised. The gas-request workflow adds an operational risk that could be exploited for unauthorized funding if misused. The recommended remediation is to remove privateKey exposure in logs, avoid persisting plaintext private keys, store secrets in secure vaults or hardware-backed wallets with user consent, and implement strict access controls and auditing. Additionally, remove or secure the gas-request template to prevent social-engineering flow or make it a user-initiated action requiring explicit consent. Rework balance checks to avoid dumping sensitive identifiers and ensure all communications are authenticated and encrypted.

Confidence: 61%, Severity: 60%

Audit Metadata
Analyzed At: Feb 14, 2026, 02:14 PM
Package URL: pkg:socket/skills-sh/STPDevteam%2Fsubmit-to-agentbeat%2Fonboarding-to-agentbeat%2F@9c2b62eee68cd9728ddab6b76b8acce95259cf52