Trusted: risk score 5/100
Last scanned: 1 day ago
nansen-wallet-keychain-migration
Migrate an existing nansen-cli wallet from insecure password storage (env files, .credentials) to the new secure keychain-backed flow.
A well-documented wallet migration skill focused on moving credentials from insecure storage to secure keychain, with explicit security rules and no malicious indicators.
Skill name: nansen-wallet-keychain-migration
Analysis time: 27.7s
Engine: pi
Can be installed
Skill is safe to use. Follow documented procedures carefully, especially the verification steps.

Security findings: 1

Severity: Low
Finding: Access to sensitive credential paths (sensitive access)
Skill reads ~/.nansen/.env and ~/.nansen/wallets/.credentials during migration. However, this is declared, user-authorized, and necessary for the legitimate migration workflow.
source ~/.nansen/.env 2>/dev/null && nansen wallet secure
→ User must explicitly authorize reading the .env file before this operation proceeds.
Location: SKILL.md:40
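| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | WRITE | WRITE | ✓ Consistent | allowed-tools: Bash(nansen:*) |
| Environment variables | READ | READ | ✓ Consistent | metadata.requires.env includes NANSEN_API_KEY, NANSEN_WALLET_PASSWORD |
| File system | READ | READ | ✓ Consistent | References ~/.nansen/.env and ~/.nansen/wallets/.credentials with user authoriza… |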

Directory structure

1 file · 5.7 KB · 183 lines
Markdown 1f · 183L
└─ 📝 SKILL.md Markdown 183L · 5.7 KB

Security highlights

✓ Explicitly declares allowed-tools: Bash(nansen:*) - no hidden shell access
✓ NEVER generate a password rule prevents AI password creation
✓ NEVER store password in files, memory, logs, or conversation history
✓ NEVER use --human flag to prevent interactive prompt injection
✓ Requires user authorization before reading ~/.nansen/.env
✓ Emphasizes reading credentials in same command without logging
✓ Strong verification requirements prove migration success
✓ Includes cleanup of insecure files (rm -f ~/.nansen/.env)
✓ No external network requests, base64, or obfuscation
✓ No dependencies or supply chain risks
✓ Clear error handling for password loss scenarios
✓ Well-structured documentation matching code behavior