扫描报告
5 /100
one-wallet
Helps the agent use the one-wallet CLI to manage Ethereum/EVM wallets, send transactions, call contracts, and sign data.
A legitimate Ethereum/EVM wallet CLI wrapper skill with fully declared capabilities, no hidden functionality, and appropriate security practices for handling cryptographic material.
可以安装
Approve for use. This skill safely wraps the one-wallet CLI for Ethereum operations. No further security review required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: npm install -g one-wallet / yarn global add one-wallet |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: RPC calls to Ethereum nodes via one-wallet provider |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md: ONE_WALLET_KEY_<NAME>, ONE_WALLET_PASSWORD_<NAME>, ONE_WALLET_RPC_URL |
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md: ~/.one-wallet path, ABI file reads via --abi-file flag |
1 项发现
中危 外部 URL 外部 URL
https://eth-mainnet.g.alchemy.com/v2/YOUR_KEY SKILL.md:76 目录结构
1 文件 · 8.5 KB · 347 行 Markdown 1f · 347L
└─
SKILL.md
Markdown
安全亮点
✓ All capabilities are clearly declared in SKILL.md with specific use cases
✓ Uses environment variables (ONE_WALLET_KEY_*, ONE_WALLET_PASSWORD_*) for secrets instead of hardcoding — appropriate for a wallet tool
✓ No obfuscation, base64 execution, or suspicious patterns detected
✓ No hidden instructions, comments, or shadow functionality present
✓ External dependencies are confined to the npm package 'one-wallet' with no direct code execution
✓ No credential harvesting beyond what is necessary for the wallet's core functionality
✓ Proper security guidance provided: 'Never hard-code real private keys or passwords in source-controlled files'
✓ RPC network calls are declared and necessary for blockchain interaction