skills/aibtcdev/skills/wot/Gen Agent Trust Hub

wot

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [NO_CODE]: This is a documentation-only skill that contains no executable scripts (such as .ts, .js, or .py files). It relies entirely on provided instructions and the use of external MCP tools, which significantly minimizes the security risk.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to perform HTTP GET requests to wot.klabo.world and maximumsats.com. These are legitimate external APIs used to fetch Nostr Web of Trust data as part of the skill's primary functionality.
  • [COMMAND_EXECUTION]: The documentation provides examples for using a command-line tool (arc creds set) to store L402 payment tokens. This is a standard procedure for managing credentials and accessing paid API tiers, rather than a malicious command injection.
  • [SAFE]: The skill processes Nostr public keys, which are designed to be public identifiers. No sensitive data, such as private keys or environment variables, is transmitted to the external APIs. All interactions are consistent with the stated purpose of assessing counterparty risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 07:01 PM
Security Audit — agent-trust-hub — wot