wallet-tracker-mcap

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python's subprocess.run to execute commands via the onchainos CLI tool. This is the primary method for performing on-chain operations such as balance checks and token swaps. The calls are implemented using argument lists rather than shell strings, reducing command injection risks.
  • [DATA_EXFILTRATION]: The bot starts a local HTTP server on port 3248 to host a web dashboard. This dashboard serves trading state and wallet snapshots to the user. The control endpoints (pause, reset, config) are restricted to connections from localhost (127.0.0.1) to prevent external interference.
  • [PROMPT_INJECTION]: The instructions include a 'Claude Launch Protocol' and 'Iron Rules'. These are defensive instructions that mandate safety gates, risk assessments, and explicit user confirmation before any live trading is permitted.
  • [SAFE]: The developer has implemented a strict 'External Data Boundary' policy. This policy instructs the agent to treat all blockchain-sourced data as untrusted and provides a list of sanitized fields for display, specifically to mitigate indirect prompt injection vulnerabilities.
  • [SAFE]: The skill manages persistence by updating config.py at runtime to save user-defined parameters. While this involves self-modifying code, it is used exclusively for standard configuration persistence without dynamic code execution or external script generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 03:04 AM
Security Audit — agent-trust-hub — wallet-tracker-mcap