zscore
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill fetches and parses arbitrary HTTP agent URIs returned from the on-chain tokenURI (see lib/get-agent.js which does fetch(agentURI) if it starts with "http", and scripts/zscore.ts's read command displays that parsed JSON), meaning it ingests untrusted/user-hosted JSON from open web locations as part of its runtime workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain transactions that move value and require signing with a private key. It mints an NFT during register (paying a stated registration fee of 0.0025 ETH on mainnet / 0.001 ETH on Sepolia), requires a PRIVATE_KEY to run writes, and exposes commands that call contract methods (register, set-metadata, unset-wallet) which send transactions. Managing wallets and signing transactions on Ethereum (Base) is a direct crypto/blockchain financial execution capability, not a generic tool. Therefore it meets the "Direct Financial Execution" criterion.