Skills
skills/transilienceai/communitytools/blockchain-security/Snyk

blockchain-security

Fail

Audited by Snyk on Apr 20, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt instructs fetching and using raw private keys (connection_info returns a PrivateKey and examples use w3.eth.account.from_key(PRIVATE_KEY) and signing), which requires handling secrets and could cause the model to include those secret values verbatim in generated commands or code.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is high-risk: it provides explicit, step-by-step offensive techniques (delegatecall-based storage manipulation, CREATE/CREATE2 address prediction and nonce bumping, deploying exploit contracts at predicted addresses, and reading private storage) that enable placing backdoors, hijacking contract state, and otherwise deliberately exploiting smart contracts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md and reference files) instructs the agent to fetch and read data from external, user-controlled sources—e.g., curl to http://$HOST:$PORT/connection_info, using RPC_URL and w3.eth.get_storage_at to read on-chain contract storage and downloaded/decompiled contract bytecode—which are untrusted third-party inputs that the agent must interpret to choose exploit actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for blockchain interaction and exploitation, including code and examples that use wallet private keys, sign transactions, and send raw transactions via web3.py. It instructs retrieving a PRIVATE_KEY from a challenge, constructing/signing transactions (acct = w3.eth.account.from_key(PRIVATE_KEY); signed = acct.sign_transaction(tx)), and calling w3.eth.send_raw_transaction(signed.raw_transaction). It also describes deploying exploit contracts and manipulating nonces/addresses—actions that directly create and send on-chain transactions and can move funds. This is a specific crypto/blockchain execution capability (wallets, signing, sending transactions), not a generic tool, so it meets the Direct Financial Execution criteria.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 20, 2026, 11:11 PM
Issues
4