prava-wallet

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGH [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands with user-supplied arguments (e.g., prava setup --name "<name>"). This pattern is vulnerable to command injection if the agent does not properly sanitize the user-provided name before execution.
  • [COMMAND_EXECUTION]: The skill explicitly directs the agent to use sudo for installation (sudo npm install -g @prava-sdk/cli) if permission issues occur. This constitutes a privilege escalation risk as it grants root access to the package manager for installing external code.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the installation of a global Node.js package (@prava-sdk/cli). While this package appears to be the official tool for the vendor (Prava Payments), it represents an external code dependency that is downloaded and executed on the host system.
  • [DATA_EXFILTRATION]: The skill is designed to retrieve and handle tokenized card credentials (network tokens and dynamic CVVs). While the skill documentation emphasizes PCI compliance and tokenization, the agent is instructed to immediately use these credentials for merchant checkouts, which is a high-sensitivity operation involving financial data.
  • [COMMAND_EXECUTION]: The skill employs long-running polling commands (prava setup poll, prava sessions poll) that block and wait for external actions (browser-based approvals) without requiring further user intervention or providing status updates to the user until completion.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 20, 2026, 06:59 PM
Security Audit — agent-trust-hub — prava-wallet