Security audit

Create a linkinbio page on pawr.link fast

Security checks across malware telemetry and agentic risk

Overview

This skill is a plain markdown guide for paid pawr.link profile creation and updates, with the costs and external service disclosed.

Install only if you intend to use pawr.link with x402 payments. Before running any shown curl command, verify the wallet, username, profile changes, and exact USDC charge, because successful calls may spend funds and change a public profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill triggers paid x402 transactions for profile creation and updates, but it does not present a prominent user warning at the point where the agent would act on behalf of a user. Even though prices are mentioned elsewhere, the operational instruction flow encourages execution and states payment is handled automatically, which can cause unintended spending if an agent follows the skill without explicit user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.
