oneshot

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install official vendor packages from npm, including @oneshot-agent/sdk and @oneshot-agent/mcp-server, as well as the @coinbase/cdp-sdk for secure wallet management. These are recognized as legitimate resources provided by the vendor.
  • [COMMAND_EXECUTION]: The instructions include standard shell commands for package installation via npm and configuration of the MCP server using npx. These are essential for the primary purpose of initializing the agent's capabilities.
  • [SAFE]: Security is maintained by documenting the use of environment variables for handling sensitive API keys and private keys, ensuring that credentials are not hardcoded or exposed within the skill's logic. No malicious behavior or obfuscation was found during the analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 04:25 PM