KashDAO CLI
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Workspace inspection failed, so no artifact-backed suspicious behavior was identified from the available clean telemetry alone.
Do not rely on this low-confidence review as an installation approval; rerun the scan in an environment where metadata.json and artifact/ can be read.
Publisher note
The CLI makes outbound HTTPS calls only after explicit user commands: - Kash REST API at api-staging.kash.bot (kash_test_* keys) or api.kash.bot (kash_live_*) - Authenticates via the user-supplied KASH_API_KEY env var - In `kash protocol` mode, also calls the user-configured Base / Base Sepolia RPC and ERC-4337 bundler endpoints - No background telemetry, no auto-updates, no calls without an explicit subcommand
Static analysis
No static analysis findings were reported for this release.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.