Transact

Security checks across malware telemetry and agentic risk

Overview

This skill can help sign crypto transactions, but that high-impact function is clearly disclosed and paired with review, simulation, and user-confirmation steps.

Install only if you are comfortable using Aomi as a trusted crypto transaction assistant. Before signing, verify the chain, recipient, amounts, approvals, and simulation results yourself; never provide wallet keys or API secrets unless you intentionally want them configured, and understand that signed blockchain transactions may be hard or impossible to reverse.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The manifest explicitly promotes reviewing and signing on-chain transactions, but it does not warn that these actions may be irreversible, financially risky, or capable of transferring assets and approvals. In a crypto transaction skill, omission of a clear safety warning materially increases the chance that users authorize harmful transactions, especially when interacting through natural language abstractions that can hide exact on-chain effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal