Back to skill
Skillv1.0.0
VirusTotal security
NEAR Intents 1click Api · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:01 AM
- Hash
- 3173ad122c7848014ae24950b49d74364ce6f253c6f6c60a2659ff4fed4e06dc
- Source
- palm
- Verdict
- benign
- Code Insight
- Package: NEAR Intents (xpi) Version: 2.0.0 Description: Universal cross-chain swap & bridge powered by NEAR Intents 1Click SDK. Supports 14+ blockchains including NEAR, Base, Ethereum, Arbitrum, Solana, and Bitcoin. Production-ready with mandatory refund address protection. The NEAR Intents package (v2.0.0) provides a universal cross-chain swap and bridge functionality, primarily through the `executeIntent()` function in `index.ts`. This function integrates with the official `@defuse-protocol/one-click-sdk-typescript` and NEAR-JS libraries. A critical safety feature is implemented: mandatory `refundAddress` validation for cross-chain swaps originating from non-NEAR chains. If this address is not provided, the function explicitly throws an error, preventing potential fund loss. Sensitive credentials (NEAR private keys, 1-Click JWT) are correctly sourced from environment variables, which is a standard secure practice for server-side applications. Minor concerns include `scripts/generate-account.ts` writing a newly generated private key to `.env.example`. While intended as a template, this practice carries a risk of accidental exposure if not handled with extreme care. Additionally, `scripts/logic.ts` appears to be an alternative or incomplete implementation of core swap logic, relying on undeclared local modules (`./near-intents-lib`). Its presence is suspicious due to potential confusion or unintended execution paths, but its direct impact on the skill's primary functionality is limited as `index.ts` is the declared entrypoint. The package relies on trusted third-party APIs (Defuse Protocol, CoinGecko) for its core operations. Overall, the package demonstrates a strong focus on security in its primary execution path and documentation, outweighing the minor issues in auxiliary scripts.
- External report
- View on VirusTotal