CAI: agent-checkout-completion

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed checkout-payment helper that uses a CAI wallet/API key and requires user confirmation before transfers.

Install only if you intend to let an agent use CAI for real checkout or payment steps. Treat CAI_API_KEY as a sensitive secret, and personally verify the merchant/payee, amount, chain, token, and final line items before approving any transfer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad enough to match many generic purchase or payment requests, which can cause the skill to activate outside a narrowly intended checkout context. Because this skill is capable of progressing toward financial actions, overly permissive invocation increases the risk of unintended payment workflows, user confusion, or misuse by downstream agents that infer authorization too loosely.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal