中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:22 hr ago Rescan
15 /100
nansen-wallet-manager
Wallet management — create (local or Privy server-side), list, show, export, send, delete. Use when creating wallets, checking balances, or sending tokens.
The skill is a documentation-only wrapper for a third-party CLI tool (`nansen`) with no implementation code present; the SKILL.md accurately describes its capabilities but no code exists to audit for hidden behavior.
Skill Namenansen-wallet-manager
Duration38.5s
Enginepi
Safe to install
Request the actual `nansen-cli` implementation (binary/source) before trusting this skill with production wallet operations. Audit the closed-source binary independently.

Findings 3 items

Severity Finding Location
Medium
Third-party closed-source binary not auditable Supply Chain
The skill provides only a SKILL.md with no implementation code. All actual wallet operations (create, export, send, delete) are executed by the 'nansen' CLI binary (npm package 'nansen-cli'). This binary is not provided for security review, meaning the skill operator cannot audit the actual code that handles private keys, credentials, and network requests.
bins: [nansen]
→ Request the source code or a reproducible build of nansen-cli from a verified vendor before using this skill with real funds. Use Privy server-side wallets to avoid private key exposure to the agent machine.
 SKILL.md:6
Low
Insecure credential fallback documented Credential Theft
SKILL.md states that if OS keychain is unavailable (e.g., containers, CI), the nansen CLI falls back to storing the wallet password in plaintext at ~/.nansen/wallets/.credentials. This creates a credential theft risk on shared/multi-user systems.
~/.nansen/wallets/.credentials file — insecure fallback when no keychain is available
→ Avoid using local wallets in non-keychain environments. Always use Privy server-side wallets in agent/CI contexts. The 'nansen wallet secure' command should be enforced post-creation.
 SKILL.md:74
Low
No script or code files to verify documented behavior Doc Mismatch
SKILL.md documents the intended behavior of the nansen CLI but provides zero implementation code. There is no way to verify that the actual binary behaves exactly as documented. Any discrepancy between the binary and the docs would be invisible.
The entire skill is SKILL.md only — no scripts/
→ Treat the documented behavior as unverified intent, not a security guarantee. Audit the binary independently.
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No implementation code present; filesystem access implied by CLI behavior (walle…
Network NONE NONE No implementation code; 'nansen' CLI likely makes RPC/API calls but not visible …
Shell WRITE WRITE ✓ Aligned allowed-tools: Bash(nansen:*) — declared shell access limited to nansen CLI only…
Environment READ READ ✓ Aligned NANSEN_API_KEY, PRIVY_APP_ID, PRIVY_APP_SECRET, NANSEN_WALLET_PASSWORD env vars …
Skill Invoke NONE NONE No skill-to-skill invocation declared or visible.
Clipboard NONE NONE No clipboard access observed.
Browser NONE NONE No browser access.
Database NONE NONE No database access.
1 findings
💰
Medium Wallet Address 加密货币钱包地址
0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
SKILL.md:30

File Tree

1 files · 6.4 KB · 198 lines
Markdown 1f · 198L
└─ 📝 SKILL.md Markdown 198L · 6.4 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
nansen-cli unknown npm No No package.json present; version not declared in SKILL.md metadata. Closed-source binary — cannot audit code.

Security Positives

✓ SKILL.md is comprehensive and clearly documents credential handling, password requirements, and keychain usage
✓ No base64-encoded payloads, reverse shells, or obfuscated code found
✓ No hidden HTML comments or embedded instructions found
✓ No curl|bash or wget|sh remote script execution patterns present
✓ No direct credential exfiltration endpoints hardcoded in documentation
✓ Agent rules are well-defined: never generate passwords, never store passwords in logs/history
✓ Privy server-side wallet option avoids private key touching the agent machine
✓ Export of private keys is properly gated behind local wallet provider only
✓ allowed-tools declaration is narrow: Bash(nansen:*) — shell access limited to one CLI tool