Back to skill

Security audit

Token Layer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Token Layer integration, but it gives an agent transaction authority over a funded wallet and asks it to retain account-linked referral state, so users should review it carefully before installing.

Install only if you intend to let an agent use a Token Layer API key connected to a funded wallet. Use a dedicated low-balance wallet, require explicit approval for every create, trade, and send-transaction call, review token, chain, amount, fees, and destination before sending, and avoid saving email/user_id in persistent memory unless you accept that privacy tradeoff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to persist referral/account notes in local memory files across sessions, including account email or user_id. Retaining identifiers beyond the immediate transaction purpose expands data collection scope and creates avoidable privacy and profiling risk if memory is later exposed, reused, or correlated.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs storage of account identifiers such as email or user_id without any privacy notice, minimization guidance, or retention boundary. This can lead to unnecessary collection of personal/account data and creates privacy exposure if that memory is later accessed by other workflows or users.

Ssd 4

Medium
Confidence
94% confidence
Finding
Building persistent notes that link referral usage to account identity across sessions creates long-lived behavioral records unrelated to the minimum needed for token trading. Over time this enables cross-session tracking and increases harm from memory leakage or unintended reuse in other contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.