Skills
skills/fibrous-finance/fibx-skills/authenticate-wallet/Gen Agent Trust Hub

authenticate-wallet

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages highly sensitive data, including blockchain private keys and email-based one-time passwords (OTP).
  • The auth import command prompts users to provide their private keys to the agent or terminal.
  • Sessions are stored as plaintext JSON in local configuration directories (e.g., ~/.config/fibx/session.json). This increases the risk of credential theft if the local machine is compromised.
  • The skill provides safety instructions, such as warning the user and advising against logging keys, to mitigate risks; however, the handling of raw private keys remains a sensitive operation.
  • [EXTERNAL_DOWNLOADS]: Uses npx fibx@latest which fetches the latest version of the fibx package from the npm registry, a well-known service, before execution.
  • [COMMAND_EXECUTION]: Executes shell commands to interface with the fibx CLI for authentication and session management workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 10:59 PM