yo-protocol-cli
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@yo-protocol/clipackage from the official npm registry. This is a vendor-owned resource corresponding to the skill's primary function. - [COMMAND_EXECUTION]: The skill executes the
yobinary to perform various blockchain-related tasks. These operations include: - Querying on-chain state via user-provided RPC URLs.
- Fetching off-chain data from the vendor's API (
api.yo.xyz). - Generating unsigned transaction calldata (
preparecommands) which requires an external signer (like Safe or a hardware wallet) to execute. - [SAFE]: The documentation includes clear security warnings, specifically stating that the CLI never requires or accepts private keys, mitigating the risk of credential theft. It also identifies and deprecates an unreliable command (
deposit-with-approval) to ensure user safety during transaction sequences.
Audit Metadata