PaySpawn — On-Chain Spending Limits for AI Agents
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed payment-control helper for agents, but users should treat it carefully because it can authorize real USDC spending within configured limits.
Install only if you intend to let an agent make payments. Pin and verify the @payspawn/sdk version, keep PAYSPAWN_CREDENTIAL secret, set minimal daily and per-transaction limits, use recipient allowlists where possible, choose a short expiry, and revoke or pause credentials when no longer needed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.