Oathe Security Badge

Is lxcong/web3-data-skill safe?

https://github.com/lxcong/web3-data-skill

95
SAFE

This skill is a legitimate Web3 blockchain data querying tool that interfaces with the Chainbase API. The functionality matches its description, with clean code and no malicious behavior detected. The only minor concern is dynamic input processing in the bash script, which is expected for this type of tool.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

LOW Bash script processes user input -10

The chainbase.sh script accepts arbitrary endpoint and parameter inputs from users and constructs API calls dynamically. While this appears to be legitimate functionality for querying blockchain data, it represents a potential attack surface if those inputs are not properly validated.