skills/stuckinaboot/net-public/net/Gen Agent Trust Hub

net

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION

Full Analysis

================================================================================

🔴 VERDICT: HIGH

The primary concern is the insecure handling of private keys. The netp CLI tool, which is central to this skill, allows users to provide their private key directly as a command-line argument (e.g., --private-key 0x...). This method is highly insecure because command-line arguments are often stored in shell history files, visible in process lists, and can be logged by various system tools, making them vulnerable to unauthorized access. Although the documentation correctly advises using environment variables, the availability of the insecure command-line option elevates this to a critical data exfiltration risk.

Total Findings: 4

🔴 HIGH Findings:

• Insecure Private Key Handling

  • Line 100, packages/net-cli/src/cli/shared.ts: The parseCommonOptions function explicitly reads private keys from command-line arguments (options.privateKey) or from the NET_PRIVATE_KEY or PRIVATE_KEY environment variables. While it warns against command-line usage, it still processes the key, creating a direct data exfiltration risk if the user follows this insecure path. This is direct insecure handling of sensitive credentials.

🟡 MEDIUM Findings:

• Insecure Private Key Handling in CLI Commands

  • Line 100, packages/net-cli/src/cli/shared.ts: Multiple CLI commands (e.g., netp message send, netp storage upload, netp token deploy, netp profile set-picture, netp bazaar create-listing) accept --private-key as a direct argument. This allows users to inadvertently expose their private keys in shell history or process logs, which is a significant data exfiltration vector. While environment variables are recommended, the direct argument option is a vulnerability.

🔵 LOW Findings:

• Unverifiable External Dependencies

  • Line 10, plugins/net-protocol/skills/net-protocol/SKILL.md: The skill instructs npm install -g @net-protocol/cli. While @net-protocol/cli is a first-party package within this monorepo, global package installations from public registries (npm) always carry a supply chain risk if the registry is compromised or a malicious version is published. This is a low risk due to the package being internal to the project.

• Potential Indirect Prompt Injection / XSS via HTML Canvas

  • Line 100, skill-references/profiles.md: The netp profile set-canvas command allows users to store arbitrary HTML content on-chain. If this stored HTML is later rendered by a user's browser without proper sanitization, it could lead to Cross-Site Scripting (XSS) attacks. This is an indirect risk to users consuming the stored data, not a direct vulnerability of the AI agent or skill itself.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
Risk Level: HIGH
Analyzed: Feb 13, 2026, 04:04 AM