Back to skill

Security audit

Nano (XNO)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Nano wallet skill with real financial authority, but the reviewed artifacts disclose the wallet actions and include meaningful safety limits.

Install only if you intend to let an agent operate a Nano/XNO wallet. Review wallet names, destination addresses, amounts, and representative changes carefully; Nano sends are final once broadcast. Be aware that balance checks may automatically receive pending funds, which updates wallet state, and avoid using this skill for non-Nano wallet or payment tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes broad terms such as "wallet", "wallets", "balance", "refund", "invoice", and "transaction analysis" that can match many non-Nano requests. Because this skill can perform state-changing cryptocurrency actions, accidental activation could route unrelated wallet or payment tasks into Nano-specific tooling and increase the chance of confusing or harmful operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instruction to automatically call `wallet_receive` whenever pending funds are seen authorizes a state-changing blockchain action without explicit user confirmation. Even though receiving funds is usually beneficial, it still signs and broadcasts a transaction, changes wallet state, and could surprise users or violate an expected approval boundary for financial operations.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The send workflow explains mechanics and spending limits but does not prominently warn that Nano transfers are generally irreversible once broadcast. In a cryptocurrency wallet skill, omission of a clear irreversible-transfer warning raises the risk of user misunderstanding, mistaken sends, and loss of funds.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
79% confidence
Finding
Including the trigger phrase "open account" can collide with a built-in or more generic "open" command, causing unintended skill activation. In this skill, that is more concerning than a harmless routing issue because the skill governs cryptocurrency wallet behavior and may steer users into finance-related flows they did not intend.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.