Fund

Security checks across malware telemetry and agentic risk

Overview

This wallet-funding skill appears legitimate, but it deserves review because it combines a financial onramp flow with broad activation wording and overbroad shell command permissions.

Review before installing. Use this only if you intend agents to help open a wallet funding interface, and be aware it runs `npx awal@latest` and grants wildcard Bash permissions around that CLI. The publisher should narrow activation to explicit wallet-funding requests, require confirmation for inferred insufficient-balance cases, pin or justify the CLI version, and replace wildcard command permissions with exact commands where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest description contains many broad trigger phrases such as 'fund,' 'deposit,' 'top up,' 'add funds,' and 'how do I get USDC,' which can cause the skill to activate for general finance-related user requests beyond the intended wallet-funding context. Because this skill can open an onramp flow and steer users toward adding money, over-triggering creates a real risk of inappropriate invocation in sensitive financial conversations and unnecessary exposure to payment flows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal