Multisig

Security checks across malware telemetry and agentic risk

Overview

This is a simple local reference script that only prints text, but its multisig guidance is generic and should not be relied on for real wallet decisions.

Install only as a lightweight local reference. Do not treat it as expert multisig, custody, governance, compliance, legal, or financial guidance; verify operational decisions against authoritative wallet, chain, and security documentation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The script presents itself as a multisig blockchain reference tool, but the exposed commands return mostly generic finance, compliance, and operations content rather than multisig-specific guidance. In a security-sensitive blockchain context, this mismatch can mislead users or downstream agents into relying on irrelevant or incomplete advice for wallet governance, signing policies, and transaction approval processes.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The inline documentation advertises the script as a blockchain multisig reference, but the implementation provides broad generic material that does not support that claim. This is dangerous because users may trust the branding and apply the output in high-stakes blockchain operations, increasing the chance of operational mistakes, poor security decisions, or false confidence in the tool's expertise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal