Back to skill

Security audit

Sardis Escrow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed escrow-payment skill, but it deserves Review because it gives an agent live fund and release commands without clear approval, limit, or reversibility safeguards.

Install only after verifying the Sardis domain, API base path, and @sardis/sdk package. Use a sandbox or tightly scoped key with spending limits, and require manual confirmation before any create, fund, confirm-delivery, release, or milestone-release request. Treat every release as a potential real asset transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill provides direct instructions to release escrowed funds and describes auto-release behavior, but does not include an explicit warning that these actions may be irreversible and can transfer assets permanently if triggered prematurely or based on unverified delivery claims. In an agent-invocable payment skill, that omission increases the chance of unsafe autonomous fund movement and user misunderstanding.

External Transmission

Medium
Category
Data Exfiltration
Content
# 2. Buyer funds the escrow
echo "Funding escrow..."
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/fund" \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"escrow_id\": \"$ESCROW_ID\", \"wallet_id\": \"wallet_buyer123\"}"
Confidence
83% confidence
Finding
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/fund" \ -H "Authorization: Bearer $SARDIS_API_KEY" \ -H "Content-Type: application/json" \ -d "{\"escrow_id\": \"$ESCROW_ID\", \"wallet_i

External Transmission

Medium
Category
Data Exfiltration
Content
ESCROW_ID=escrow_xyz789

# Release milestone 1
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/release" \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
84% confidence
Finding
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/release" \ -H "Authorization: Bearer $SARDIS_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Buyer deposits funds into escrow contract
curl -X POST https://api.sardis.sh/v2/escrow/{escrow_id}/fund \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
82% confidence
Finding
https://api.sardis.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
}'

# Example:
curl -X POST https://api.sardis.sh/v2/escrow/escrow_xyz789/fund \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"escrow_id": "escrow_xyz789", "wallet_id": "wallet_buyer123"}'
Confidence
82% confidence
Finding
https://api.sardis.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Buyer releases funds to seller after verification
curl -X POST https://api.sardis.sh/v2/escrow/{escrow_id}/release \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
88% confidence
Finding
https://api.sardis.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
}'

# Partial release for milestone:
curl -X POST https://api.sardis.sh/v2/escrow/escrow_xyz789/release \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
87% confidence
Finding
https://api.sardis.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
# 2. Buyer funds the escrow
echo "Funding escrow..."
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/fund" \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"escrow_id\": \"$ESCROW_ID\", \"wallet_id\": \"wallet_buyer123\"}"
Confidence
83% confidence
Finding
https://api.sardis.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
# 5. Buyer verifies and releases
echo "Releasing payment to seller..."
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/release" \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{
Confidence
89% confidence
Finding
https://api.sardis.sh/

External Transmission

Medium
Category
Data Exfiltration
Content
ESCROW_ID=escrow_xyz789

# Release milestone 1
curl -X POST "https://api.sardis.sh/v2/escrow/$ESCROW_ID/release" \
  -H "Authorization: Bearer $SARDIS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
84% confidence
Finding
https://api.sardis.sh/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.