中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:16 hr ago Rescan
15 /100
goodwallet
MPC agentic wallet management CLI for ETH/ERC-20 token operations and Polymarket prediction market trading
This is a legitimate CLI wrapper skill for a crypto wallet management tool (goodwallet), fully documented with no hidden functionality or credential exfiltration.
Skill Namegoodwallet
Duration42.1s
Enginepi
Safe to install
The skill is safe to use. Consider pinning the npm package to a specific hash in addition to the version for stronger supply chain assurance. Monitor the SIGN_URL environment variable as it could theoretically redirect signing operations.

Findings 3 items

Severity Finding Location
Low
Remote npm package execution without integrity pinning Supply Chain
The skill executes npx [email protected] from the npm registry. While a version is pinned, there is no cryptographic hash verification (e.g., --package-hashes or integrity field). A compromised npm account or typosquat could deliver malicious code.
All commands are run via `npx [email protected]`.
→ Pin to a content hash or consider vendoring the package. Monitor the goodwallet npm package for unusual publish activity.
 SKILL.md:9
Low
SIGN_URL environment variable could redirect signing operations Supply Chain
The skill respects a SIGN_URL environment variable (default: sign.goodwallet.dev) which controls the signing service endpoint. If set to a malicious server, signing operations could be redirected. The skill correctly documents this.
| `SIGN_URL` | `sign.goodwallet.dev` | Override the signing service endpoint |
→ This is documented and user-controlled. Ensure users understand not to set SIGN_URL to untrusted values.
 SKILL.md:75
Info
Wallet credentials stored in plain text in user config directory Credential Theft
Credentials (apiKey, share, address) are stored in plaintext at ~/.config/goodwallet/config.json. While the MPC 'share' architecture means this alone is insufficient for key compromise, any local malware or misconfigured permissions could access these files.
credentials (`apiKey`, `share`, `address`) are saved to `~/.config/goodwallet/config.json`
→ This is inherent to the MPC wallet architecture described. Ensure filesystem permissions on ~/.config are appropriately restricted.
 SKILL.md:29
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned All commands execute via npx [email protected] in bash — shell:WRITE usage is ful…
Filesystem WRITE WRITE ✓ Aligned ~/.config/goodwallet/config.json and ~/.local/state/goodwallet/session.json — de…
Network READ READ ✓ Aligned npx fetches from npm registry; pair command polls sign.goodwallet.dev; declared …
Environment NONE READ ✓ Aligned Uses $SIGN_URL env var (default: sign.goodwallet.dev) — declared in Environment …
Clipboard NONE NONE No clipboard access observed
Browser NONE NONE Auth URL is shown to user; user opens manually — no programmatic browser control
Database NONE NONE No database access observed
Skill Invoke NONE NONE No cross-skill invocation observed
2 findings
💰
Medium Wallet Address 加密货币钱包地址
0x0000000000000000000000000000000000001010
SKILL.md:81
💰
Medium Wallet Address 加密货币钱包地址
0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359
SKILL.md:84

File Tree

1 files · 6.9 KB · 197 lines
Markdown 1f · 197L
└─ 📝 SKILL.md Markdown 197L · 6.9 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
goodwallet 0.3.0 npm No No integrity hash pinning — relies on npm's package signing only

Security Positives

✓ SKILL.md is comprehensive and fully documents all commands, file locations, and environment variables
✓ No hidden functionality — the entire capability surface is declared
✓ No credential exfiltration — credentials are stored locally and never sent anywhere except the legitimate signing service
✓ Auth URL is shown to user who opens it manually — no silent browser automation
✓ No base64 encoding, obfuscation, or anti-analysis patterns
✓ No attempts to access sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No reverse shell, C2, or data theft indicators
✓ Version pinned to 0.3.0 in all npx calls
✓ Token transfers require explicit user initiation through CLI commands