Back to skill

Security audit

Bondterminal X402

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent paid BondTerminal API helper, but it gives the agent access to a funded crypto signer and can spend USDC automatically without clear approval or spend-limit controls.

Install only if you are comfortable letting the agent use a dedicated low-balance Base wallet for paid BondTerminal API calls. Do not use a primary wallet; prefer a hardware wallet, KMS, or secrets manager, pin dependency versions, and add explicit confirmation plus per-request and total-session spend limits before any payment signature is created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This markdown file applies to SQP-2, and it describes that the skill should be used for bond queries while 'supports automatic 402 → payment → retry' indicates the skill may automatically spend funds. Although the per-request cost is disclosed, there is no explicit warning to confirm with the user before making paid calls or that using the skill will spend wallet funds on their behalf.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal