Security audit
Agent Wormhole
Security checks across malware telemetry and agentic risk
Overview
The skill is a disclosed guide for one-time encrypted agent handoffs, with sensitive wallet, payment, and secret-handling behavior clearly tied to that purpose.
Before installing, treat this as a tool for transferring sensitive handoff material through external endpoints. Use short TTLs, do not share wormhole codes publicly, avoid logging plaintext secrets, verify the external npm package and service endpoints before use, and be careful with wallet configs or any x402 payment command.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
