Agent Wallet CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed crypto-wallet tool, but it gives agents real fund-moving authority and under-discloses outbound HTTP behavior for x402 payments.

Install only if you intentionally want an agent to operate a crypto wallet. Before using real funds:
  • Use a dedicated low-balance wallet.
  • Unlock it yourself when possible, and provide only short-lived session tokens.
  • Avoid giving the agent WALLET_PASSWORD.
  • Require explicit approval before sends, approvals, signatures, exports, or x402 payments.
  • Set strict x402 max amounts and trusted URLs.
  • Audit or pin the npm package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium (95% confidence)

Finding: The skill claims there are no network calls except public blockchain RPCs, but the documented `x402` command explicitly performs arbitrary HTTP requests to user-supplied URLs and may automatically pay/retry. This misleading security statement can cause operators to underestimate exfiltration, SSRF-like access, metadata leakage, or unintended payment risks when using the skill in automated agent contexts.

VirusTotal

66/66 vendors flagged this skill as clean.