Skip to main content

sati-sdk

Enables the creation and management of on-chain AI agent identities and reputations using SATI on the Solana blockchain.

Install this skill

or
56/100

Security score

The sati-sdk skill was audited on May 26, 2026 and we found 24 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 265

Template literal with variable interpolation in command context

SourceSKILL.md
265await cache.set(`feedback:${walletAddress}:${agentMint}`, prepared);
medium line 275

Template literal with variable interpolation in command context

SourceSKILL.md
275const prepared = await cache.get(`feedback:${walletAddress}:${agentMint}`);
medium line 108

Curl to non-GitHub URL

SourceSKILL.md
108curl -sf https://myagent.com/mcp > /dev/null && \
low line 299

Fetch to external URL

SourceSKILL.md
299const { messageHex } = await fetch("/api/prepare-feedback", {
low line 315

Fetch to external URL

SourceSKILL.md
315await fetch("/api/submit-feedback", {
medium line 386

Webhook reference - potential data exfiltration

SourceSKILL.md
386**Incremental sync (scoring providers):** There is no `sinceSlot` filter - Photon RPC does not support slot-range queries on compressed accounts. For incremental updates, track `item.raw.slotCreated`
medium line 577

Webhook reference - potential data exfiltration

SourceSKILL.md
577> **Note:** EVM address links (from `linkEvmAddress`) are not queryable via REST API - they are stored as Anchor events only. Retrieving them requires a Solana transaction log indexer (Helius webhooks
low line 36

External URL reference

SourceSKILL.md
36"type": "https://eips.ethereum.org/EIPS/eip-8004#registration-v1",
low line 39

External URL reference

SourceSKILL.md
39"image": "https://example.com/avatar.png",
low line 41

External URL reference

SourceSKILL.md
41"files": [{"uri": "https://example.com/avatar.png", "type": "image/png"}],
low line 47

External URL reference

SourceSKILL.md
47"endpoint": "https://myagent.com/mcp",
low line 55

External URL reference

SourceSKILL.md
55"endpoint": "https://myagent.com/.well-known/agent-card.json",
low line 108

External URL reference

SourceSKILL.md
108curl -sf https://myagent.com/mcp > /dev/null && \
low line 118

External URL reference

SourceSKILL.md
118![SATI Reputation](https://sati.cascade.fyi/api/badge/<YOUR_MINT>?network=mainnet)
low line 124

External URL reference

SourceSKILL.md
124[Reputation](https://sati.cascade.fyi/agent/<YOUR_MINT>)
low line 164

External URL reference

SourceSKILL.md
164const builder = sati.createAgentBuilder("MyAgent", "AI assistant", "https://example.com/avatar.png");
low line 166

External URL reference

SourceSKILL.md
166.setMCP("https://mcp.example.com", "2025-06-18", { tools: ["search"] })
low line 167

External URL reference

SourceSKILL.md
167.setA2A("https://a2a.example.com/.well-known/agent-card.json")
low line 186

External URL reference

SourceSKILL.md
186image: "https://example.com/avatar.png",
low line 187

External URL reference

SourceSKILL.md
187services: [{ name: "MCP", endpoint: "https://mcp.example.com" }],
low line 222

External URL reference

SourceSKILL.md
222endpoint: "https://agent.example", // Endpoint reviewed (optional)
low line 444

External URL reference

SourceSKILL.md
444builder.setMCP("https://new-mcp.example.com");
low line 584

External URL reference

SourceSKILL.md
584rpcUrl: "https://...", // Custom Solana RPC (optional)
low line 585

External URL reference

SourceSKILL.md
585photonRpcUrl: "https://...", // Photon/Helius RPC for Light Protocol queries (optional)
Scanned on May 26, 2026
View Security Dashboard
Installation guide →
GitHub Stars 19
Rate this skill
Categorydevelopment
UpdatedMay 31, 2026
openclawbackendapiml-ai-engineerbackend-developerproduct-managerdevelopmentproduct
cascade-protocol/sati