Hedera Token Minting

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated Hedera token-management purpose, but it gives copy-pastable live blockchain transaction examples without enough safeguards for irreversible financial actions.

Review this skill carefully before installing or using it on Hedera mainnet. Treat every create, mint, transfer, and burn snippet as a real transaction that may incur fees or be irreversible; use testnet first, protect private keys, verify network, account IDs, token IDs, recipients, amounts, and require explicit confirmation before execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill provides copy-pastable examples for creating, minting, transferring, and burning Hedera tokens without clearly warning that these are real, state-changing blockchain operations. A user or downstream agent could run these snippets against a configured client and unintentionally create assets, move balances, or destroy tokens, causing financial loss or irreversible ledger changes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal