OpenDexter

Security checks across malware telemetry and agentic risk

Overview

OpenDexter is a clearly disclosed payment-capable skill for finding, pricing, and calling x402 APIs, but users should review costs before paid calls.

Install only if you intend to use OpenDexter for paid x402 API calls. Before any paid fetch, review the endpoint, price, chain, and wallet setup, and prefer a dedicated low-balance wallet or strict per-call spending limit.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger text is broad enough to activate on common user requests about APIs, pricing, wallets, or marketplaces, which can cause the agent to invoke this skill outside a narrowly intended context. Because this skill can initiate paid x402 calls and select funded wallets automatically, over-triggering increases the risk of unintended tool use, unnecessary spending, and exposure to untrusted third-party endpoints.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal