gator-cli
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation explicitly states that the
gatorCLI stores private keys in plaintext JSON files located at~/.gator-cli/profiles/. It also identifies configuration fields forapiKeyandapiKeyIdwithin the configuration file. - [EXTERNAL_DOWNLOADS]: The skill installs the
@metamask/gator-clipackage globally via npm. This is an official resource from the identified vendor. - [COMMAND_EXECUTION]: The skill provides instructions for executing various shell commands (
gator init,gator create,gator redeem, etc.) to perform blockchain operations, including account upgrades and transaction signing.
Audit Metadata