auditing-foundry-smart-contract-security
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The SKILL.md includes a setup command that runs remote code (curl -L https://foundry.paradigm.xyz | bash && foundryup), which, during installation/runtime setup, fetches and executes a script and is required for the skill (Foundry) to run.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes blockchain wallet and transaction-sending commands: e.g., "cast wallet import deployer --interactive" and "forge script ... --account deployer --rpc-url --broadcast" and guidance about using an encrypted keystore and deploying to testnet/mainnet. These are specific crypto/wallet/signing and broadcast operations capable of sending on-chain transactions (moving funds). This is not a generic tool — it is explicitly tied to crypto wallets and deployment (financial execution) and therefore meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata