alchemy-agentic-gateway
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements strong security boundaries for private key management. It explicitly instructs the agent to never use its own file-access tools (Read, Write, Edit) on sensitive files like
wallet-key.txtor.env, instead requiring the use of shell pipes and redirects. This prevents the agent from accidentally leaking private keys into its own context or log output. - [COMMAND_EXECUTION]: Uses
node -eandnpxto perform cryptographic operations, such as generating wallets and signing SIWE/SIWS messages. These operations are performed via local shell commands to keep sensitive data isolated from the agent's internal memory. - [EXTERNAL_DOWNLOADS]: Fetches necessary libraries and tools (e.g.,
@alchemy/x402,viem,mppx) from official registries. All remote operations target well-known vendor domains (alchemy.com) or trusted services (Stripe, Circle faucets). - [DATA_EXFILTRATION]: No evidence of unauthorized data transfer. Network requests are restricted to the Alchemy gateway infrastructure for the purpose of blockchain API access.
Audit Metadata