@554/wallet
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes blockchain transactions and message signing operations. These are the core intended functions of a wallet tool and are properly documented. Transaction broadcasting is gated by an optional policy system that can require user confirmation.
- [EXTERNAL_DOWNLOADS]: The skill fetches wallet balances and token lists from well-known third-party services including DeBank and Birdeye. These requests are performed using a proxied HTTP client and are authenticated via environment-managed API keys.
- [DATA_EXFILTRATION]: The skill interacts with a central wallet service and external blockchain APIs. It uses OIDC tokens fetched from a local Unix socket (/.fly/api) for authentication, which is standard for Fly.io infrastructure. No sensitive data is transmitted to unauthorized or suspicious domains.
- [DYNAMIC_EXECUTION]: The skill includes a runtime patch for
aiohttpintools/common.pyto resolve a known incompatibility with Brotli. This modification is targeted and transparently documented for compatibility purposes within the execution environment.
Audit Metadata