use-wallet
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation directs developers to install many third-party packages for wallet providers (e.g., @perawallet/connect, @walletconnect/sign-client, magic-sdk). These packages are standard for Algorand development but increase the supply-chain attack surface as they are not within the provided list of trusted sources.
- [CREDENTIALS_UNSAFE] (LOW): The file references/testing.md contains a hardcoded 24-word mnemonic phrase. Although explicitly labeled as a compromised account for Playwright E2E testing on non-MainNet networks, hardcoding mnemonic seeds is a practice that can lead to credential exposure if misused in production.
- [DATA_EXPOSURE] (INFO): The library is designed to persist wallet session data and network configuration in browser localStorage. Developers are warned that the Mnemonic provider (intended for testing) stores the secret phrase in plaintext if persistence is enabled.
Audit Metadata