Send Token

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenAnt wallet transfer helper with real financial risk, but its instructions are coherent and require explicit confirmation before sending funds.

Install only if you want an agent to help operate your OpenAnt wallet. Before approving any transfer, independently verify the chain, token, amount, and full recipient address; blockchain transfers are usually irreversible, and the skill runs the external OpenAnt CLI at runtime.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The manifest description uses very broad trigger phrases such as "send," "transfer," "pay someone," and "transfer to address," which can cause the agent to invoke this skill for a wide range of wallet-related requests. Because this skill performs irreversible blockchain transfers, overbroad routing increases the risk of accidental invocation in ambiguous contexts, leading to unintended asset movement if the broader agent flow mishandles confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal