Is hunterdrop22/tyt safe?

https://github.com/openclaw/skills/tree/main/skills/hunterdrop22/tyt

76 · CAUTION

The hunterdrop22/tyt skill is a documentation page for the Teneo Protocol SDK, enabling LLM agents to interact with a blockchain-based AI agent marketplace using Ethereum private keys and the x402 cryptocurrency micropayment protocol. The skill directory is clean — documentation only, no executable code, no install hooks, no prompt injection — and the clone process was entirely normal. However, the skill's intended functionality creates material security concerns: agents following it will transmit user Ethereum private keys to a third-party server, make autonomous real-money cryptocurrency micropayments without per-transaction consent, and directly render unfiltered responses from external Teneo-platform agents that could carry secondary prompt injection payloads. This skill is only appropriate in explicitly developer-controlled contexts where users have been fully informed of the financial and data-sharing implications.

Category Scores

Prompt Injection 65/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 55/100 · 5%

Findings (9)

HIGH Ethereum Private Key Transmitted to Third-Party WebSocket Server -30

The Teneo SDK authenticates to wss://backend.developer.chatroom.teneo-protocol.ai/ws using a user-supplied Ethereum private key to sign wallet challenges. An agent following this skill will transmit authentication material tied to a user's crypto wallet to a server entirely outside the user's control, establishing a persistent authorized session under the user's wallet identity on Teneo's infrastructure.

HIGH Autonomous Cryptocurrency Micropayments Without Per-Transaction User Consent -30

The x402 payment protocol charges the user's USDC balance on Base, Peaq, or Avalanche at $0.01-$0.10 per agent interaction. Retry logic (maxReconnectAttempts: 30) and automated agent orchestration patterns shown in the skill allow costs to accumulate silently. An agent granted this skill implicitly receives financial authorization for all subsequent Teneo agent interactions without step-by-step confirmation.

MEDIUM Skill Normalizes Ethereum Private Key Acceptance as a Standard Agent Capability -20

By documenting private key ingestion as routine SDK usage, this skill primes any LLM agent that ingests it to treat requests for Ethereum private keys as legitimate agent behavior. Users interacting with an agent primed by this skill may not question why the agent is requesting crypto credentials. The skill also teaches agents to execute connection and payment workflows without surfacing confirmation steps to the user.

MEDIUM Agent Taught to Autonomously Invite, Connect, and Pay Without User Confirmation -15

The skill's code patterns demonstrate agents autonomously subscribing to rooms, inviting other agents by handle, and initiating payments as background operations. No confirmation or notification step is shown to the user before these financial and connectivity actions are taken, establishing a pattern of autonomous high-stakes operations.

MEDIUM All User Interactions Routed Through Teneo Protocol Backend -10

Every message, room subscription, agent discovery query, and session is processed exclusively through wss://backend.developer.chatroom.teneo-protocol.ai/ws. The skill provides no guidance on Teneo's data retention, privacy policy, or data sovereignty. Users have no mechanism to audit or restrict how their conversation data and wallet activity are handled by the third party.

MEDIUM Third-Party Agent Responses Create Secondary Prompt Injection Surface -15

Responses from agents on the Teneo platform are parsed and rendered directly by the host LLM agent without content sanitization. A malicious agent registered on the Teneo network could embed prompt injection payloads in its humanized response content, using this skill as a trusted bridge to inject instructions into the host agent from an uncontrolled external source.

LOW Unaudited External npm Package Required to Implement Skill -5

The skill requires installing @teneo-protocol/sdk from npm. The package itself, its dependency tree, and any install scripts (preinstall/postinstall) were not audited as part of this review. Malicious behavior at install time or in the package's runtime code would not be visible from SKILL.md alone.

INFO Clean Install — No Suspicious Activity During Clone or Setup 0

The skill installation performed a standard git sparse-checkout from GitHub (140.82.121.3:443), copied exactly two files to the skill directory, and made no unexpected network connections or filesystem changes outside the designated directory. No install-time code execution occurred.

INFO All Canary Files Intact — No Exfiltration Detected 0

All honeypot files (.env, SSH private key, AWS credentials, .npmrc, Docker config, GCP application default credentials) remained unmodified throughout the audit. Observed file access events at audit sequence #266-271 (pre-install) and #1454-1459 (post-install) are consistent with the oathe audit framework's own baseline and post-install verification routines rather than skill-initiated access.