Security audit

Agent-Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a real local crypto-wallet skill, but it handles wallet secrets and signing authority in ways users should review carefully before installing.

Install only if you are comfortable letting a local agent manage a wallet file. Prefer a new low-value wallet, avoid pasting a main wallet seed phrase or private key into command-line arguments, keep WALLET_SECRET_KEY strong and private, protect or exclude wallet/signer.json from backups and sync, and manually review every message signature or transaction before allowing the agent to run the scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 82%
Finding
This script persists highly sensitive wallet material to disk in a local JSON file after encrypting it, but it does not provide an explicit user warning, confirmation step, or any file-permission hardening before doing so. In a wallet-management skill, writing recoverable secret material to disk increases exposure to local compromise, accidental backup/sync leakage, or unintentional overwrite of an existing wallet, making this a real security weakness even if the encryption is intended as protection.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script signs any caller-supplied message using decrypted wallet material from a local file with no interactive confirmation, policy check, or scope restriction. In an agent skill context, this creates a confused-deputy risk: another tool, prompt injection, or unintended automation path could trigger signatures on arbitrary messages, including login/authentication payloads or malicious attestations, without the user realizing what is being approved.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code: suspicious.exposed_secret_literal
Location: scripts/generate-wallet.js:75

File appears to expose a hardcoded API secret or token.

Critical
Code: suspicious.exposed_secret_literal
Location: scripts/import-wallet.js:17

File appears to expose a hardcoded API secret or token.

Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:35