Back to skill

Security audit

AgentFin

Security checks across malware telemetry and agentic risk

Overview

AgentFin is a disclosed virtual-card skill, but it gives an agent live access to payment credentials, OTPs, and fund-moving actions without clear per-action approval boundaries.

Install only if you intentionally want an agent to handle real payment-card details and OTPs. Use a dedicated low-balance account, keep the API key revocable, prevent card data from being logged or stored in long-term memory, and require explicit approval for every credential reveal, OTP use, purchase, and top-up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to retrieve full card credentials (`pan`, `cvv`, expiry) and 3DS OTP codes, which are highly sensitive payment secrets that enable immediate card use. Without strong user-confirmation requirements, masking rules, logging restrictions, or warnings about secret handling, an agent could expose or misuse these values during automation, creating a direct payment-fraud and account-compromise risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The top-up endpoint performs a real financial state change by moving funds onto a prepaid card, but the skill presents it as a routine API call without any safety warning, approval gate, or transaction-verification guidance. In an agent context, that omission is dangerous because the model may execute the action automatically, causing unintended transfer of funds that may be difficult to reverse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.