XRPL Transaction Builder

Security checks across malware telemetry and agentic risk

Overview

The skill is a small, transparent XRPL transaction helper, with the main risk being that signed blockchain transactions can affect real funds or account state.

Install only if you intend to create XRPL transactions. Treat every Xaman signature as authorizing a real ledger action: verify the destination, amount, destination tag, transaction type, NFT fields, issuer, flags, fees, and network before signing or submitting. Use testnet or devnet examples when experimenting, and consider pinning the xrpl npm dependency in real projects.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: This skill encourages building, signing, and submitting XRPL transactions without clearly warning that these actions can irreversibly transfer funds, mint or burn NFTs, or alter account state on-chain. In a transaction-building skill, omission of this warning materially increases the chance of unsafe use, accidental loss of assets, or unintended account changes, especially if users copy examples directly into production workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal