Blockchain Scanner

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill performs read-only blockchain lookups through AgentPMT, with no hidden code or destructive behavior found.

Install only if you intend to send wallet addresses, chain selections, and blockchain lookup parameters to AgentPMT-hosted endpoints. Do not provide private keys, seed phrases, signatures, payment headers, or unrelated personal/account data, and prefer using this skill only for explicit EVM or blockchain-scanner requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill advertises highly generic discovery terms like "balance," "address," and "chain," which can cause it to trigger in contexts far beyond blockchain analysis. That increases the chance an agent routes unrelated user data to this remote service, creating unintended external disclosure and misuse of a networked capability.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill clearly performs hosted remote tool calls, but it does not prominently warn users near the primary capability description that wallet addresses, transaction lookups, and contract queries are sent to a third-party service. This can lead to unintentional sharing of sensitive financial metadata and querying behavior without informed consent.

VirusTotal

61/61 vendors flagged this skill as clean.
