Buzz BD

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but one adapter can turn a token query into local command execution if given crafted input.

Review before installing. The basic DexScreener scanner is coherent, but avoid exposing the elizaOS adapter to untrusted users or prompts until the execSync call is replaced with execFile/spawn argument arrays and strict token/chain validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding:
The handler builds a shell command with untrusted user input (`message.content.text`) interpolated into a string passed to `execSync`. Quoting the value does not make it safe against shell metacharacters such as embedded double quotes or command substitutions, so an attacker can potentially achieve command injection and execute arbitrary OS commands under the agent's privileges.

Missing User Warnings

Medium
Confidence: 99%
Finding:
Raw user message text is passed directly into a shell command without validation, escaping guarantees, or any confirmation boundary. In this skill context, the feature is supposed to perform token intelligence, so accepting arbitrary natural-language input and routing it into shell execution makes the adapter materially more dangerous because external user queries become a command execution surface.

VirusTotal

60/60 vendors flagged this skill as clean.
