wallet-operations
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts (
wallet_balance.py,portfolio_tracker.py,tx_builder.py) to perform its primary functions. These scripts are part of the skill distribution and do not execute arbitrary shell commands or user-supplied code strings. - [EXTERNAL_DOWNLOADS]: The scripts make network requests to well-known blockchain data providers (Etherscan, Polygonscan, Arbiscan, Basescan, BscScan, CoinGecko) and public RPC endpoints (llamarpc.com, bnbchain.org, etc.) to fetch balances, transaction history, and prices. All connections use standard Python libraries and target established technology infrastructure.
- [CREDENTIALS_UNSAFE]: The skill requires environment variables for API keys (
ETHERSCAN_API_KEY, etc.) but does not hardcode any secrets. It explicitly warns users in its documentation never to share seed phrases or private keys and provides no mechanism to ingest or store them. - [PROMPT_INJECTION]: The skill body contains instructional language defining its role as a wallet assistant. It does not contain instructions to bypass safety filters or ignore previous rules.
Audit Metadata