Security audit

circle-wallet

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Circle USDC wallet tool, but it handles real funds and sensitive credentials with insufficient safety framing and can delete local wallet state during reconfiguration.

Review before installing if you will connect production Circle credentials. Use sandbox first, keep credentials out of shared logs and shells, restrict file permissions on the local config directory, and verify any send operation with an explicit recipient, amount, network, and funding source before allowing the agent to execute it. Back up wallet metadata before reconfiguring credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium (89% confidence)
Finding
The documentation instructs agents/users to send USDC but does not clearly warn that, when configured for production/mainnet, transfers can move real funds and are generally irreversible. In an agent setting, this omission increases the chance of accidental high-consequence transactions because the examples normalize fund transfers without an explicit confirmation or safety notice.

Missing User Warnings

Medium (92% confidence)
Finding
The setup flow tells users to provide an API key and entity secret and notes a storage path, but it does not warn that these are highly sensitive credentials that can authorize wallet operations if exposed. In a shared host or agent environment, insufficient guidance on secret handling materially increases the risk of credential leakage and unauthorized transactions.

Missing User Warnings

Medium (92% confidence)
Finding
The setup command unconditionally deletes local wallet metadata files when a new entity secret is registered, without an explicit confirmation prompt, backup, or dry-run warning. In an agent or automation context, this can silently erase wallet mappings and default-wallet state, causing loss of local operational state and increasing the chance of sending from or funding the wrong wallet later.

Missing User Warnings

Medium (92% confidence)
Finding
The configure command also deletes wallets.json and default-wallet.txt automatically when new credentials are supplied, with no prior warning or confirmation. This is a real integrity and availability issue because local wallet records may be lost even if the operator mistyped credentials or did not intend to reset wallet state.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.