auditing-foundry-smart-contract-security

Warn

Audited by Snyk on Jun 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The SKILL.md includes a setup command that runs remote code (curl -L https://foundry.paradigm.xyz | bash && foundryup), which, during installation/runtime setup, fetches and executes a script and is required for the skill (Foundry) to run.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes blockchain wallet and transaction-sending commands: e.g., "cast wallet import deployer --interactive" and "forge script ... --account deployer --rpc-url --broadcast" and guidance about using an encrypted keystore and deploying to testnet/mainnet. These are specific crypto/wallet/signing and broadcast operations capable of sending on-chain transactions (moving funds). This is not a generic tool — it is explicitly tied to crypto wallets and deployment (financial execution) and therefore meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion.

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 03:33 PM
Issues
2
Security Audit — snyk — auditing-foundry-smart-contract-security