Back to skill

Security audit

Launch a Token

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for launching Solana tokens and discloses wallet and SOL-spending requirements, but users should treat the actions as real financial blockchain transactions.

Install only if you intend to use a wallet-enabled Genesis plugin to launch tokens on Solana. Use a dedicated low-balance wallet, do not expose private key material in chat or logs, and explicitly review the wallet address, network, allocations, fees, metadata upload, and finalization step before signing transactions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill guides users through creating and finalizing an on-chain token launch but does not explicitly warn that these actions can be irreversible and will spend SOL from the configured wallet. In a wallet-enabled agent context, missing transaction-risk disclosure increases the chance that a user authorizes costly or irreversible operations without understanding the consequences.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill describes loading a Solana keypair from a local file or environment variable but does not include a clear warning that these are sensitive wallet credentials. In an agent setting, inadequate credential-handling guidance can lead users to expose private key material, misconfigure secrets, or use a hot wallet without understanding the security risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.