Scan Report
0 /100
smoothsend-gasless
Guide for sponsoring gas fees on Aptos dApps using SmoothSend SDK for gasless transactions
This is a legitimate documentation skill for SmoothSend's Aptos gasless transaction SDK with no malicious behavior detected.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file system access in documentation or code |
| Network | NONE | NONE | — | Only references external documentation URLs |
| Shell | NONE | NONE | — | No shell execution commands |
| Environment | NONE | NONE | — | Mentions env vars for API keys only (legitimate use) |
| Skill Invoke | NONE | NONE | — | No skill invocation capabilities |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
6 findings
Medium External URL 外部 URL
https://smoothsend.xyz SKILL.md:19 Medium External URL 外部 URL
https://docs.smoothsend.xyz/pricing SKILL.md:24 Medium External URL 外部 URL
https://dashboard.smoothsend.xyz/billing SKILL.md:129 Medium External URL 外部 URL
https://docs.smoothsend.xyz SKILL.md:159 Medium External URL 外部 URL
https://dashboard.smoothsend.xyz SKILL.md:161 Medium External URL 外部 URL
https://www.npmjs.com/package/@smoothsend/sdk SKILL.md:162 File Tree
1 files · 5.9 KB · 165 lines Markdown 1f · 165L
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@smoothsend/sdk | latest | npm | No | Official SmoothSend SDK for gasless transactions |
@aptos-labs/wallet-adapter-react | latest | npm | No | Official Aptos wallet adapter |
Security Positives
✓ Clear and accurate documentation of service capabilities
✓ Explicitly states this is a paid commercial service
✓ Good security practices: warns against hardcoding API keys
✓ Recommends using environment variables for credentials
✓ No shell execution, credential harvesting, or data exfiltration
✓ No obfuscation or hidden functionality
✓ Standard npm package dependencies from legitimate sources
✓ Addresses error handling (402 for insufficient credits)