onchainkit

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @coinbase/onchainkit package and its required peer dependencies from the official NPM registry, which is a well-known and trusted source.
  • [COMMAND_EXECUTION]: Python scripts utilize subprocess.run to manage project initialization and dependency installation. User-provided inputs, such as project names, are validated to prevent command injection attacks.
  • [REMOTE_CODE_EXECUTION]: The skill executes npm create onchain@latest to bootstrap new projects. This involves fetching and running a project initializer from a trusted vendor, which is an expected operation in a development workflow.
  • [SAFE]: Credential management is handled securely through environment variable templates, ensuring that API keys for Coinbase and WalletConnect are not hardcoded in the application.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:15 AM