Back to skill

Security audit

Agent Wallet

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being an agent-controlled crypto wallet, but its default setup can allow unrestricted real fund movement until policies are configured.

Review carefully before installing. Use a testnet or tiny balances first, claim the wallet immediately, set strict address/token/function allowlists and spending limits, require human approval for transactions, and keep the API key private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents token and ETH transfers as straightforward actions but does not prominently warn that blockchain transfers are generally irreversible and can permanently lose funds if the recipient, token, amount, or chain is wrong. In an agent-wallet context, this omission is materially risky because it normalizes destructive financial operations without requiring explicit user confirmation or caution messaging.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The swap execution section explains how to execute swaps but lacks a clear warning about slippage, MEV, routing failure, volatile pricing, wrong-chain/token selection, and the fact that executed swaps are irreversible on-chain actions. Because this skill is meant for autonomous or semi-autonomous agents handling real assets, missing risk disclosures increases the chance of harmful execution under misunderstood market conditions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill exposes arbitrary calldata transaction capability to any smart contract without a prominent high-risk warning. Arbitrary contract calls can approve token spending, transfer assets, interact with malicious contracts, or lock funds permanently, so presenting this capability without strong caution is dangerous in a wallet-management skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that if no policies are set, all actions are allowed by default, but this is not surfaced as a prominent upfront warning. In practice, this means a newly created agent wallet may immediately permit unrestricted transfers, swaps, and arbitrary contract interactions before guardrails are configured, creating a dangerous default posture.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.