WalletChan
Security checks across malware telemetry and agentic risk
Overview
WalletChan is a clearly disclosed wallet co-pilot skill, but it should be used carefully because it can help confirm crypto transactions through a browser extension.
Use this only with the official WalletChan extension, a dedicated Chrome profile, and remote debugging bound to localhost. Share only the scoped Agent Password, never the master password or seed phrase, and personally review each decoded transaction or signature before allowing confirmation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.