Wise Read Only
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed read-only Wise API helper that can expose sensitive account information when used, but the behavior matches its stated purpose.
Install only if you are comfortable letting the agent read Wise account information available to WISE_API_TOKEN. Use the least-privileged Wise token you can, keep implicit invocation disabled, and avoid --raw unless you specifically need unredacted fields.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.