Back to skill

Security audit

XLMTools

Security checks across malware telemetry and agentic risk

Overview

XLMTools is a coherent live-data and Stellar tool skill, but it grants paid-call and persistent wallet behavior with broad activation rules that users should review before installing.

Install only if you are comfortable with an external npm/MCP tool that can create a persistent Stellar testnet wallet, send requests to third-party services, and make small USDC-paid calls after merely mentioning the cost. Set an MCP budget before use where possible, require explicit approval for every paid call if your host allows it, and treat ~/.xlmtools/config.json as sensitive local account configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger guidance is overly expansive, especially phrases like using the skill for "latest anything," current events, or any URL fetch. This can cause the agent to invoke external tools and potentially paid actions for many ordinary requests, increasing unnecessary data exposure, cost, and attack surface. In this context, the risk is higher because the skill explicitly supports network access, shell fallback, and paid operations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The keyword list mixes highly specific Stellar terms with very broad terms like search, research, screenshot, scrape, image generation, stocks, crypto prices, weather, and domain check. Such unspecific activation cues can spuriously match common user requests and route them to a toolset with external network and payment behavior, even when unnecessary. The skill context makes this more dangerous because these capabilities can transmit user queries off-platform and incur spend.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.