veil
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts suggest installing the Veil SDK from either the official NPM registry (@veil-cash/sdk) or the official GitHub repository (github.com/veildotcash/veildotcash-sdk), both of which are trusted sources for the service being accessed.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell scripts to orchestrate interactions between the veil CLI tool, the bankr CLI, and system utilities like curl and jq to manage keys and build transaction payloads.
- [DATA_EXFILTRATION]: The skill communicates with the Bankr Agent API (api.bankr.bot) to sign transactions and process prompts. This traffic is directed to the vendor's official API infrastructure.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive data, including Veil private keys and Bankr API keys, by storing them in local configuration files (~/.clawdbot/skills/veil/.env.veil). The scripts include logic to set restrictive file permissions (chmod 600) to protect these secrets.
Audit Metadata