nansen-wallet-manager

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various nansen CLI commands using the Bash tool to manage wallets, check balances, and send blockchain transactions.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the nansen-cli package from the Node.js package registry during the installation phase.
  • [DATA_EXFILTRATION]: The nansen wallet export command displays the private key for local wallets. This behavior exposes the most sensitive part of a wallet directly to the agent's conversation and memory context, which could be targeted for exfiltration.
  • [CREDENTIALS_UNSAFE]: The skill manages several sensitive secrets, including PRIVY_APP_SECRET, NANSEN_API_KEY, and wallet passwords. It explicitly documents a fallback credential storage mechanism at ~/.nansen/wallets/.credentials which it identifies as insecure, posing a risk to the confidentiality of wallet passwords.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 09:14 PM
Security Audit — agent-trust-hub — nansen-wallet-manager