koios-agent-wallet
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- [Data Exposure] (LOW): The script prints private signing keys (paymentCborHex and stakeCborHex) directly to the console output as part of an 'Agent Wallet Dossier'. While intended for user export, this behavior can leak sensitive cryptographic material into shell history, system logs, or terminal buffers.
- [Privilege Management] (SAFE): The script follows security best practices for key management by applying
chmod 600to generated.skeyfiles on Unix-based systems, ensuring only the owner can read the private keys. - [External Dependencies] (SAFE): The script utilizes
@meshsdk/coreand@noble/ed25519. These are standard, well-known libraries for Cardano blockchain interactions and Ed25519 cryptography.
Audit Metadata