Back to skill

Security audit

Solvera Markets

Security checks across malware telemetry and agentic risk

Overview

Solvera is a documentation-only skill for preparing on-chain marketplace transactions, with financial risk that is disclosed and aligned with its purpose.

Install only if you are comfortable with an agent helping prepare blockchain marketplace transactions. Before signing, verify the network, contract address, calldata, token addresses, amounts, deadlines, gas costs, and expected asset movement; keep private keys local and require explicit human approval for any transaction broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises write endpoints that build blockchain transactions but does not clearly warn that invoking them can lead to on-chain actions affecting tokens, approvals, or other user-controlled assets once signed. In an agent context, this omission increases the risk that an operator or downstream automation treats these endpoints as ordinary API writes rather than financially sensitive transaction-construction flows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.