Security audit
ArbiLink — Arbitrum Agent Plugin
Security checks across malware telemetry and agentic risk
Overview
ArbiLink mostly matches its Arbitrum purpose, but it exposes cross-chain payment-intent capability and credential use without clear scope or approval controls, and includes mismatched skill documentation.
Before installing, decide whether you really need the ChainRails cross-chain features. If you do, use a limited API key, keep payment-intent creation behind explicit human approval, and verify the package’s skill documentation and config schema are corrected so the agent only receives accurate ArbiLink instructions.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
