Scan Report
5 /100
nansen-wallet-keychain-migration
Migrate an existing nansen-cli wallet from insecure password storage (env files, .credentials) to the new secure keychain-backed flow.
A well-documented wallet migration skill focused on moving credentials from insecure storage to secure keychain, with explicit security rules and no malicious indicators.
Safe to install
Skill is safe to use. Follow documented procedures carefully, especially the verification steps.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Access to sensitive credential paths Sensitive Access | SKILL.md:40 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | allowed-tools: Bash(nansen:*) |
| Environment | READ | READ | ✓ Aligned | metadata.requires.env includes NANSEN_API_KEY, NANSEN_WALLET_PASSWORD |
| Filesystem | READ | READ | ✓ Aligned | References ~/.nansen/.env and ~/.nansen/wallets/.credentials with user authoriza… |
File Tree
1 files · 5.7 KB · 183 lines Markdown 1f · 183L
└─
SKILL.md
Markdown
Security Positives
✓ Explicitly declares allowed-tools: Bash(nansen:*) - no hidden shell access
✓ NEVER generate a password rule prevents AI password creation
✓ NEVER store password in files, memory, logs, or conversation history
✓ NEVER use --human flag to prevent interactive prompt injection
✓ Requires user authorization before reading ~/.nansen/.env
✓ Emphasizes reading credentials in same command without logging
✓ Strong verification requirements prove migration success
✓ Includes cleanup of insecure files (rm -f ~/.nansen/.env)
✓ No external network requests, base64, or obfuscation
✓ No dependencies or supply chain risks
✓ Clear error handling for password loss scenarios
✓ Well-structured documentation matching code behavior