Skills
skills/therealharpaljadeja/monskills/monskill/Gen Agent Trust Hub

monskill

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Automated scanners identified the external domain openfort.xyz as a malicious URL. This domain is referenced as a service provider in the wallet infrastructure directory.
  • [EXTERNAL_DOWNLOADS]: Reference files tooling-and-infra/references/wallet-infra.md and its Chinese translation were flagged as potentially infected by automated scanners.
  • [REMOTE_CODE_EXECUTION]: The vercel-deploy skill downloads a script from https://skills.devnads.com/vercel-deploy/deploy.sh and executes it locally to facilitate project deployment.
  • [REMOTE_CODE_EXECUTION]: The propose.sh utility script performs runtime installation of Node.js packages into a local cache directory (~/.monskills/propose-deps/).
  • [DATA_EXFILTRATION]: The deployment process packages the project's source code into a tarball and transmits it to a remote API at claude-skills-deploy.vercel.com.
  • [COMMAND_EXECUTION]: The skill uses various shell commands, including cast and forge for blockchain operations, tar for archiving, and envio-cloud for indexer management.
  • [SAFE]: The skill implements secure keystore management using Foundry's encrypted keystore format, avoiding the storage of plaintext private keys.
Recommendations
  • CRITICAL: 2 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
  • Contains 3 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 8, 2026, 02:39 AM