keeperhub-wallet

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions prompt the user to run npx @keeperhub/wallet, which fetches and executes code from the npm registry. This is the vendor's official package used for provisioning the wallet and installing the skill.
  • [COMMAND_EXECUTION]: The installation process involves a CLI script that modifies configuration files, including ~/.claude/settings.json and agent-specific directories, to register a PreToolUse safety hook and the skill file.
  • [COMMAND_EXECUTION]: Several wallet management commands, such as add, info, fund, and balance, are executed via the @keeperhub/wallet package to manage on-chain assets.
  • [CREDENTIALS_UNSAFE]: The skill documentation describes storing an hmacSecret in ~/.keeperhub/wallet.json to authenticate signing requests. The storage uses restricted file permissions (mode 0o600) to protect the secret locally.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 06:13 PM