wallet
Fail
Audited by Snyk on Jun 27, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs decrypting the keystore to produce the raw private key ("0x...") for use in scripts and shows a command that extracts that literal key, which requires handling and could lead to including secret values verbatim in generated commands or outputs.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content includes an explicit backdoor pattern: deployment commands and the DeploySafeCREATE2 flow add a third owner (OWNER_3 / CLAUDE_ADDRESS) into every multisig (2-of-3 threshold), silently granting a third party signing power, and the docs also instruct decrypting the agent keystore (using an empty/unsafe password) and piping the raw private key into environment variables for scripts — a deliberate credential-exposure pattern that enables unauthorized control or exfiltration.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). propose.sh performs a runtime npm install (installing viem and qrcode-terminal) into ~/.monskills/propose-deps, which fetches and executes remote packages from the npm registry (e.g. https://registry.npmjs.org) required by propose.mjs, so remote code is fetched and run at skill runtime.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about crypto wallet management and transaction signing: it instructs creating an encrypted keystore, using "cast wallet" commands, decrypting the private key for scripts, using the agent wallet at ~/.monskills/keystore, funding the wallet, and proposing/executing transactions (deploy contracts, manage funds) via a Safe multisig wrapper. These are specific blockchain/crypto wallet and signing capabilities (not generic). Even though multisig proposal rules are present, the skill provides concrete commands and procedures that enable the agent to sign and execute on-chain transactions. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to create and manage an on-host keystore (writing persistent files under ~/.monskills/keystore) and to decrypt private keys into plaintext for use in scripts, which modifies the machine state and exposes sensitive credentials.
Issues (5)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata