Low risk: risk score 15/100
Last scan: 1 day ago
nansen-wallet-manager
Wallet management — create (local or Privy server-side), list, show, export, send, delete. Use when creating wallets, checking balances, or sending tokens.
The skill is a documentation-only wrapper for a third-party CLI tool (`nansen`) with no implementation code present; the SKILL.md accurately describes its capabilities but no code exists to audit for hidden behavior.
Skill name: nansen-wallet-manager
Analysis time: 38.5s
Engine: pi
Verdict: can be installed
Request the actual `nansen-cli` implementation (binary/source) before trusting this skill with production wallet operations. Audit the closed-source binary independently.

Security findings (3)

Medium | Third-party closed-source binary not auditable | category: supply chain
The skill provides only a SKILL.md with no implementation code. All actual wallet operations (create, export, send, delete) are executed by the 'nansen' CLI binary (npm package 'nansen-cli'). The binary is not provided for security review, so the skill operator cannot audit the code that actually handles private keys, credentials, and network requests.
Evidence: bins: [nansen]
→ Request the source code or a reproducible build of nansen-cli from a verified vendor before using this skill with real funds. Use Privy server-side wallets so private keys never reach the agent machine.
Location: SKILL.md:6
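The recommendation above asks for a reproducible build before the binary is trusted; whichever build the vendor supplies, the artifact that actually gets installed should be pinned and checked. As an added example (not part of the scan output or of nansen-cli), the shell functions below compute the Subresource Integrity string npm records in package-lock.json (sha512, base64) for a downloaded tarball and compare it with a value obtained out of band from the vendor. The tarball name and the expected string are placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded npm tarball against an integrity value
# obtained out of band (vendor release notes, a signed manifest, or a lockfile
# you already trust). Not part of nansen-cli; file names and values are placeholders.

# Print the SRI string npm uses: "sha512-" followed by base64(sha512(file)).
sri_sha512() {
    printf 'sha512-%s\n' "$(openssl dgst -sha512 -binary "$1" | openssl base64 -A)"
}

# verify_sri FILE EXPECTED_SRI
#   returns 0 on match, 1 on mismatch, 2 if the file is missing
verify_sri() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sri_sha512 "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Typical use (placeholder values): fetch the tarball without installing it,
# then check it before anything from it is executed.
#   npm pack nansen-cli@<pinned-version>      # writes nansen-cli-<version>.tgz
#   verify_sri nansen-cli-<version>.tgz 'sha512-<value supplied by the vendor>'
```

A matching integrity string only proves the tarball is the one the vendor published, not that its contents are safe; it turns "unknown version, unknown bytes" in the dependency table into a fixed artifact that can be audited once and then pinned.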
Low | Insecure credential fallback documented | category: credential theft
SKILL.md states that if the OS keychain is unavailable (e.g., in containers or CI), the nansen CLI falls back to storing the wallet password in plaintext at ~/.nansen/wallets/.credentials. On shared or multi-user systems this is a credential theft risk.
Evidence: ~/.nansen/wallets/.credentials file; insecure fallback when no keychain is available
→ Avoid local wallets in environments without a keychain. Always use Privy server-side wallets in agent/CI contexts. Run the 'nansen wallet secure' command after creation and enforce it.
Location: SKILL.md:74
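A check a practitioner can run on the agent host before creating a local wallet, added here as an example that is not part of the scan or of nansen-cli: it looks for the plaintext fallback file the finding describes, grades it by file mode, and flags a wallet password exported in the environment (which every child process the agent spawns would inherit). The home directory is a parameter so the check can be run against a test tree; the file path comes from the finding above.

```shell
#!/bin/sh
# Added example (not part of nansen-cli or the scan output). Pre-flight check
# for the insecure fallback described in the finding: the CLI reportedly writes
# the wallet password in plaintext to ~/.nansen/wallets/.credentials when no
# OS keychain is available.

# File mode in octal, portable across GNU stat and BSD/macOS stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_credentials_file HOME_DIR
#   0 = no plaintext fallback file present
#   1 = file present but readable only by its owner (still plaintext at rest)
#   2 = file present and readable by group or others
check_credentials_file() {
    f="$1/.nansen/wallets/.credentials"
    if [ ! -e "$f" ]; then
        echo "OK   no plaintext credential file at $f"
        return 0
    fi
    mode=$(file_mode "$f")
    # The last two octal digits are the group and other permission bits.
    case "$mode" in
        *00)
            echo "WARN plaintext wallet password at $f (mode $mode);"
            echo "     run the 'nansen wallet secure' step the finding recommends,"
            echo "     or use a Privy server-side wallet instead"
            return 1 ;;
        *)
            echo "FAIL $f is readable by group/others (mode $mode)"
            return 2 ;;
    esac
}

# check_password_env
#   0 = NANSEN_WALLET_PASSWORD is not set, 1 = it is set in this environment
check_password_env() {
    if [ -n "${NANSEN_WALLET_PASSWORD+x}" ]; then
        echo "WARN NANSEN_WALLET_PASSWORD is set; child processes and crash dumps will see it"
        return 1
    fi
    echo "OK   NANSEN_WALLET_PASSWORD not set"
    return 0
}

# Run against the real account:
#   check_credentials_file "$HOME"; check_password_env
```

A return code of 1 from check_credentials_file is not a pass: the password is still on disk in the clear, just not shared with other local users. In CI or container contexts the right outcome is 0, reached by using the Privy server-side wallet path rather than a local wallet.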
Low | No script or code files to verify documented behavior | category: documentation deception
SKILL.md documents the intended behavior of the nansen CLI but contains no implementation code, so there is no way to verify that the binary behaves as documented; any discrepancy between the binary and the docs would be invisible to review.
Evidence: the entire skill is SKILL.md only; no scripts/ directory
→ Treat the documented behavior as unverified intent, not a security guarantee. Audit the binary independently.
Location: SKILL.md:1
Resource | Declared permission | Inferred permission | Status | Evidence
--- | --- | --- | --- | ---
Filesystem | NONE | NONE | | No implementation code present; filesystem access implied by CLI behavior (walle…
Network access | NONE | NONE | | No implementation code; 'nansen' CLI likely makes RPC/API calls but not visible …
Command execution | WRITE | WRITE | ✓ consistent | allowed-tools: Bash(nansen:*) — declared shell access limited to nansen CLI only…
Environment variables | READ | READ | ✓ consistent | NANSEN_API_KEY, PRIVY_APP_ID, PRIVY_APP_SECRET, NANSEN_WALLET_PASSWORD env vars …
Skill invocation | NONE | NONE | | No skill-to-skill invocation declared or visible.
Clipboard | NONE | NONE | | No clipboard access observed.
Browser | NONE | NONE | | No browser access.
Database | NONE | NONE | | No database access.
Sensitive data: 1 finding

💰 Medium | Wallet address (cryptocurrency wallet address)
0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
Location: SKILL.md:30

Directory structure

1 file · 6.4 KB · 198 lines
Markdown: 1 file · 198 lines
└─ 📝 SKILL.md Markdown 198L · 6.4 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
--- | --- | --- | --- | ---
nansen-cli | unknown | npm | | No package.json present; version not declared in SKILL.md metadata. Closed-source binary — cannot audit code.

Security highlights

✓ SKILL.md is comprehensive and clearly documents credential handling, password requirements, and keychain usage
✓ No base64-encoded payloads, reverse shells, or obfuscated code found
✓ No hidden HTML comments or embedded instructions found
✓ No curl|bash or wget|sh remote script execution patterns present
✓ No direct credential exfiltration endpoints hardcoded in documentation
✓ Agent rules are well-defined: never generate passwords, never store passwords in logs/history
✓ Privy server-side wallet option avoids private key touching the agent machine
✓ Export of private keys is properly gated: it is available only for the local wallet provider
✓ allowed-tools declaration is narrow: Bash(nansen:*) — shell access limited to one CLI tool