Whistle RPC

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed documentation-only Solana RPC subscription skill, but users should handle payments and API keys carefully.

Install only if you are comfortable using whistle.ninja as a hosted Solana RPC provider and paying 1 SOL/month. Use a dedicated low-value wallet, manually approve every transaction, prefer X-API-Key or Authorization headers instead of URL-based API keys where possible, avoid logging full request URLs, and inspect the external npx CLI separately before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

External Transmission

Medium

Category: Data Exfiltration
Content: "endpoints": { "quote": "POST https://api.whistle.ninja/api/agent/subscribe", "activate": "POST https://api.whistle.ninja/api/agent/activate", "status": "GET https://api.whistle.ninja/api/agent/status/:apiKey" } }, "tools": [
Confidence: 97% confidence
Finding: https://api.whistle.ninja/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal