Crypto Guardian

Security checks across malware telemetry and agentic risk

Overview

This is a crypto safety checklist, but it gives inconsistent and risky advice about storing wallet secrets in environment files.

Review before installing. Treat this as general checklist material only, and do not follow any advice that puts seed phrases or raw private keys in .env files, workspace files, chat, memory, or AI-visible context. Prefer hardware wallets, wallet connectors, watch-only monitoring, limited approvals, and explicit human confirmation for every signing action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list is broad enough to activate on common terms like 'wallet', 'private key', 'USDC', and 'blockchain', which can cause the skill to engage in many ordinary conversations. In a security-sensitive skill, over-triggering increases the chance that users are prompted into workflows about key handling or wallet operations when they did not explicitly request this specialist behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal