Taiko Native Bridge

Security checks across malware telemetry and agentic risk

Overview

This bridge helper is coherent, but it gives an agent raw wallet authority to run real asset-moving transactions without a clear per-transaction approval step.

Review before installing. Use a dedicated low-value wallet, avoid giving an agent a primary private key, pin and verify the bridge CLI where possible, and require explicit approval for every transaction with the exact source chain, destination chain, recipient, asset, amount, gas limit, fee, and RPC endpoints.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill provides ready-to-run bridge send/claim commands that use a private key to execute live blockchain transactions, but it does not prominently warn that these actions can irreversibly move funds or assets. In an agent context, this increases the risk of accidental execution, misuse of a loaded wallet, or user misunderstanding about the financial consequences of the commands.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal