Back to skill

Security audit

USD1 Transaction

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform its advertised crypto transfer, but it needs review because it takes a raw wallet private key and can broadcast a transfer without a separate confirmation.

Install only if you understand that providing the private key authorizes blockchain transfers. Use throwaway testnet wallets only, never provide a reused or mainnet private key, and manually verify the recipient, amount, chain, and actual token before running it. Prefer a version that uses a wallet or delegated signer and requires explicit confirmation before broadcasting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill submits a transfer for token symbol 'USDC' but returns a success message claiming it transferred 'USD1'. This mismatch can mislead users, logs, or downstream automation about what asset was actually moved, which is especially dangerous in financial workflows where different stablecoins have different issuers, liquidity, and redemption risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill facilitates movement of cryptocurrency funds but does not clearly warn users that transfers are irreversible and that sending to the wrong address can permanently lose assets. In a wallet-transfer context, omission of that warning increases the chance of operator error, social engineering success, or mistaken use by downstream agents handling real credentials and destinations.

Missing User Warnings

High
Confidence
95% confidence
Finding
This code performs a live blockchain token transfer immediately after receiving parameters, with no confirmation, preview, policy check, or anti-mistake guardrails. In an agent context, that makes unintended or prompt-induced transactions much more dangerous because a single invocation can irreversibly move funds to an arbitrary address.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill asks callers to provide a raw private key and then directly uses it to sign a blockchain transfer, without any disclosure, isolation boundary, or secure secret-handling mechanism. In an agent skill, accepting plaintext signing keys is highly sensitive because the key may be exposed through logs, error handling, telemetry, prompt history, or misuse by the skill itself, enabling theft of all controlled funds.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "ISC",
  "type": "commonjs",
  "dependencies": {
    "@wormhole-foundation/sdk": "^4.9.1",
    "@wormhole-foundation/sdk-base": "^4.9.1"
  }
}
Confidence
86% confidence
Finding
"@wormhole-foundation/sdk": "^4.9.1"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"type": "commonjs",
  "dependencies": {
    "@wormhole-foundation/sdk": "^4.9.1",
    "@wormhole-foundation/sdk-base": "^4.9.1"
  }
}
Confidence
86% confidence
Finding
"@wormhole-foundation/sdk-base": "^4.9.1"

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.