starknet-wallet

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches token metadata and verification status from the AVNU API (starknet.api.avnu.fi). This is a well-known service within the Starknet ecosystem for asset resolution. It also requires standard Node.js packages (starknet, @avnu/avnu-sdk) from the official npm registry.
  • [SAFE]: Sensitive credentials such as the Starknet private key are managed via environment variables. The provided documentation correctly advises the use of .env files for secret management, which is a standard security practice for local development. No code patterns for credential exfiltration were detected.
  • [SAFE]: The skill ingests external data in the form of token symbols and names from the AVNU API to provide user-friendly balance reports. While this represents a data ingestion surface, the risk is minimal as the metadata is used for display purposes. Evidence chain: Ingestion occurs in resolveToken and fetchTokenInfo within the script files; no explicit boundary markers are used for token symbols; the skill capability includes wallet operations; no sanitization of symbols is performed as they are intended for terminal output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 02:43 PM