Cardano Transactions

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed Cardano transaction helper, but using it can authorize real irreversible wallet transactions.

Install only if you intend to let an agent help submit Cardano transactions. Treat every confirmation as financially consequential: verify recipient addresses, assets, amounts, fees, network, and use a wallet with limited funds rather than a primary seed phrase.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation states that `submit_transaction` will sign and submit a Cardano transaction, but it does not clearly warn that this operation authorizes a blockchain transaction from the user's connected wallet and broadcasts it irreversibly to the network. In a wallet-connected skill, understated documentation can lead users or integrators to invoke the tool without appreciating that it may move assets or incur permanent on-chain effects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal