Back to skill

Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

Evalanche is a disclosed crypto wallet skill, but it gives autonomous agents broad authority to move funds, trade, bridge assets, and use private keys without enough documented user controls.

Review this carefully before installing on any funded wallet. Use a dedicated low-balance wallet, prefer OpenClaw secrets or a protected secret manager, avoid sharing mnemonics in prompts or logs, pin external CLI paths, and set strict agent-level policies for confirmations, spending limits, approved chains, approved contracts, and trade sizes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill exposes a very broad set of transaction, bridging, staking, trading, and contract-call capabilities yet does not prominently warn that these actions can irreversibly move funds or incur losses. In an autonomous-agent context, weak risk framing increases the chance of accidental execution, unsafe delegation, or misuse of high-impact financial tools.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs use of highly sensitive secrets such as private keys and mnemonics without strong warnings about compromise impact, storage hygiene, or operational safeguards. In a wallet skill, mishandling these credentials can lead directly to full theft of assets across supported chains and services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.