Back to skill

Security audit

Walletconnect Requester

Security checks across malware telemetry and agentic risk

Overview

This WalletConnect skill is mostly coherent, but it needs review because it includes underdocumented raw transaction-signing authority and persistent wallet sessions.

Install only if you understand WalletConnect prompts. Use a low-value or dedicated wallet, verify every recipient, amount, chain, contract call, and signature message, avoid enabling eth_signTransaction unless you explicitly need raw transaction signing, protect ~/.walletconnect-requester/, and disconnect sessions when done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The `full` namespace expands capabilities beyond simple in-wallet approval flows by including raw transaction-signing functionality in the same permission set. In a WalletConnect requester context, broader signing permissions increase misuse potential because an agent could ask wallets for signatures or signed payloads that are not strictly necessary for the advertised purpose, weakening least-privilege guarantees.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
`eth_signTransaction` is a particularly sensitive method because it can produce a signed raw transaction without necessarily broadcasting it through the normal wallet-mediated send flow. That creates a more dangerous capability than `eth_sendTransaction`, since a malicious or compromised agent could obtain a signed transaction blob and submit or replay it elsewhere, which is not clearly aligned with the skill's stated 'request transactions approved in-wallet' model.

Session Persistence

Medium
Category
Rogue Agent
Content
### Step 2: Get WalletConnect Project ID

1. Go to [WalletConnect Cloud](https://cloud.walletconnect.com/)
2. Create a new project
3. Copy your **Project ID**

### Step 3: Set Environment Variable
Confidence
83% confidence
Finding
Create a new project 3. Copy your **Project ID** ### Step 3: Set Environment Variable ```bash export WC_PROJECT_ID="your_project_id_here" ``` ### Step 4: Run the Skill ```bash node scripts/wc-requ

Session Persistence

Medium
Category
Rogue Agent
Content
## Troubleshooting

### "No active session"
Run `connect` first to create a session.

### "User rejected request"
User declined in their wallet. Ask if they want to retry.
Confidence
88% confidence
Finding
create a session. ### "User rejected request" User declined in their wallet. Ask if they want to retry. ### "Session expired" Sessions last 7 days by default. Reconnect to create a new session. ###

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.