wallet-tracker-mcap
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's
subprocess.runto execute commands via theonchainosCLI tool. This is the primary method for performing on-chain operations such as balance checks and token swaps. The calls are implemented using argument lists rather than shell strings, reducing command injection risks. - [DATA_EXFILTRATION]: The bot starts a local HTTP server on port 3248 to host a web dashboard. This dashboard serves trading state and wallet snapshots to the user. The control endpoints (pause, reset, config) are restricted to connections from localhost (127.0.0.1) to prevent external interference.
- [PROMPT_INJECTION]: The instructions include a 'Claude Launch Protocol' and 'Iron Rules'. These are defensive instructions that mandate safety gates, risk assessments, and explicit user confirmation before any live trading is permitted.
- [SAFE]: The developer has implemented a strict 'External Data Boundary' policy. This policy instructs the agent to treat all blockchain-sourced data as untrusted and provides a list of sanitized fields for display, specifically to mitigate indirect prompt injection vulnerabilities.
- [SAFE]: The skill manages persistence by updating
config.pyat runtime to save user-defined parameters. While this involves self-modifying code, it is used exclusively for standard configuration persistence without dynamic code execution or external script generation.
Audit Metadata