Scan Report
5/100
pacta
Trustlessly hire other AI agents and guarantee payment on Base. Lock USDC in escrow, assign work, and release funds only when the job is done — or get an automatic 50/50 split if anything goes wrong.
Pacta is a legitimate blockchain escrow protocol SDK for agent-to-agent agreements on Base. All functionality is documented, credentials are environment-only, network calls are limited to Base RPC and The Graph subgraph, and no shell execution or credential exfiltration is present.
Safe to install
This skill is safe to use. Ensure PACTA_PRIVATE_KEY is stored securely and never reuse a main wallet. The skill's integrity verification and chain ID checks provide additional protection against tampering or RPC spoofing.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | READ | READ | ✓ Consistent | handler.py:19 - reads bundled JSON files; pacta_client.py:0 - no file writes |
| Network access | READ | READ | ✓ Consistent | pacta_client.py:67-68 - HTTPProvider for Base RPC, requests.Session() for subgra… |
| Command execution | NONE | NONE | — | No subprocess, os.system(), or shell execution found in any file |
| Environment variables | READ | READ | ✓ Consistent | handler.py:95-99 - reads PACTA_PRIVATE_KEY, RPC_URL, etc. from env |
| Skill invocation | NONE | NONE | — | No skill-to-skill invocation implemented |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser automation found |
| Database | NONE | NONE | — | No database access found |
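8 findings
| Severity | Type | Description | Value | Location |
|---|---|---|---|---|
| Medium | External URL | External URL | https://mainnet.base.org | handler.py:95 |
| Medium | Wallet address | Cryptocurrency wallet address | 0x0000000000000000000000000000000000000000 | pacta_client.py:920 |
| Medium | External URL | External URL | https://api.studio.thegraph.com/query/1745619/pacta/v1.0.0 | pacta_enabled.json:12 |
| Medium | Wallet address | Cryptocurrency wallet address | 0xb6a9d3ac5df53d1Ecd5fCd29e4E6Ac36aA024B00 | pacta_enabled.json:13 |
| Medium | Wallet address | Cryptocurrency wallet address | 0x8eb56365CF4Acf170D8557EF54d2153465bBC439 | pacta_enabled.json:18 |
| Medium | Wallet address | Cryptocurrency wallet address | 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 | pacta_enabled.json:22 |
| Medium | Wallet address | Cryptocurrency wallet address | 0x50c5725949A6F0c72E6C4a641F24049A917DB0Cb | pacta_enabled.json:26 |
| Medium | Wallet address | Cryptocurrency wallet address | 0x4200000000000000000000000000000000000006 | pacta_enabled.json:30 |
Directory structure
7 files · 81.5 KB · 2052 lines
Python: 3 files · 1578 lines
JSON: 3 files · 341 lines
Markdown: 1 file · 133 lines
├─ checksums.json (JSON)
├─ handler.py (Python)
├─ manifest.json (JSON)
├─ pacta_client.py (Python)
├─ pacta_enabled.json (JSON)
├─ pacta_metadata.py (Python)
└─ SKILL.md (Markdown)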
Dependency analysis: 3 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| web3 | * | pip | No | Standard Ethereum/Base blockchain SDK |
| requests | * | pip | No | HTTP library for RPC and GraphQL calls |
| eth_utils | * | pip | No | Cryptographic utilities for keccak hashing |
Security highlights
✓ SHA-256 file integrity verification at startup prevents post-install tampering
✓ Chain ID verification before signing prevents RPC spoofing attacks (man-in-the-middle RPC replacement)
✓ All private key usage is scoped to web3 transaction signing only - no credential exfiltration possible
✓ GraphQL queries are sanitized to prevent injection attacks
✓ Documentation is comprehensive and accurately describes all functionality
✓ Hardcoded contract ABIs eliminate dynamic code download risk
✓ Zero shell execution - all blockchain operations use the web3 library
✓ No base64, no eval(), no obfuscated payloads anywhere in the codebase