Skill
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a legitimate Sigil wallet-safety integration, with the main risk being the sensitive wallet credentials it needs to perform its stated job.
Before installing, confirm you trust Sigil and configure the signer with the least authority needed. Treat SIGIL_API_KEY and signer material like wallet credentials, and verify any transaction policy limits before allowing an agent to use it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.