wallet
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Sensitive credentials as CLI arguments. Subcommands such as 'create', 'import', and 'unlock' take passwords and BIP39 mnemonics as raw flags, exposing them to process monitors and command history files.
- [DATA_EXFILTRATION]: Plaintext mnemonic output. The 'create' and 'export' commands print unencrypted 24-word recovery phrases to stdout, which may be captured in logs or the agent's session memory.
- [DATA_EXFILTRATION]: Access to sensitive paths. The skill reads and writes to the '~/.aibtc/' directory to manage encrypted wallet files.
- [COMMAND_EXECUTION]: CLI-driven wallet operations. The script uses the 'commander' library to orchestrate filesystem and network tasks based on user input.
- [PROMPT_INJECTION]: Risk of indirect injection through untrusted data. The skill processes user-supplied strings like names and wallet IDs and returns structured data to the agent. Ingestion points: wallet.ts CLI arguments. Capability inventory: Filesystem writes and Hiro API network requests. Sanitization: Not explicitly present. Boundary markers: Absent.
Audit Metadata