OpenServ Multi Agent Workflows

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate OpenServ workflow guide, but its examples handle wallet keys, webhook trigger tokens, persistent workflows, and sensitive personal data without enough safety guidance.

Review before installing or following the examples. Use a dedicated low-balance development wallet, keep .env files out of version control, avoid sharing logs or screenshots containing webhook URLs, pin and review dependencies, vet marketplace agents before use, disable unused workflows/triggers, and do not submit real client or sensitive personal data without consent and data-handling controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (15)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example instructs users to place a wallet private key in a local .env file without any warning about secret handling, rotation, least privilege, or avoiding commits/logging. In documentation for an agent workflow platform, this can normalize unsafe credential practices and increase the chance of wallet compromise through accidental disclosure or poor storage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation prints and demonstrates a bearer-style webhook URL containing a trigger token, but does not warn that anyone possessing that URL can invoke the workflow. This is dangerous because logs, screenshots, shell history, CI output, or shared docs can leak the token and enable unauthorized workflow execution and possible downstream cost or data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script prints a live webhook trigger URL containing the bearer-style token and shows how to invoke it, but does not warn that possession of the token grants workflow invocation. In real environments, console logs are often captured by CI, terminals, shared logs, or screenshots, which can leak the token and permit unauthorized workflow execution, quota abuse, or unwanted agent actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example instructs users to place a wallet private key in a local .env file but provides no warning about the sensitivity of that secret, safe storage expectations, or the risk of accidental disclosure through source control, logs, or shell history. In a workflow setup guide for a platform client that authenticates with the wallet, this omission can lead to real credential compromise if users copy the pattern without secure handling practices.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This example processes highly sensitive personal intake data and sends it through a webhook to a third-party platform and multiple marketplace agents, but it provides no privacy notice, consent guidance, data minimization advice, or retention/security caveats. In the context of life coaching, the fields can reveal mental state, career issues, confidence problems, and other sensitive personal information, so the omission materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to place a wallet private key in a .env file but provides no warning about the sensitivity of that secret or safe handling practices. In an agent/workflow setup, this can lead users to commit the key to source control, share screenshots/logs, or reuse a high-value wallet key, resulting in account or fund compromise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example prints and demonstrates use of a live webhook trigger URL containing the bearer-style token, without warning that possession of the URL grants invocation access. This increases the chance of accidental disclosure through terminal logs, screenshots, shell history, or pasted documentation, allowing unauthorized parties to trigger workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example instructs users to place a wallet private key in a local .env file and then use it for authentication, but it does not include an explicit warning that this value is highly sensitive and must never be shared, committed, or reused unsafely. In security-sensitive blockchain contexts, normalizing direct handling of private keys without safeguards increases the risk of credential leakage and irreversible wallet compromise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example setup script prints a live bearer-style webhook URL containing the trigger token directly to stdout, and the documentation encourages immediate reuse of that secret in a curl command. Anyone with access to terminal logs, CI output, shell history, screenshots, or copied docs can invoke the workflow without additional authentication, so exposing it without warning or masking is a real security issue.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document instructs users to place a wallet private key in a local .env file and use it for authentication, but provides no warning about the sensitivity of the credential, key handling hygiene, or safer alternatives. In a skill that orchestrates marketplace agents and activates remote workflows, compromise of this key could allow unauthorized account actions and asset or workflow abuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The example instructs users to place a wallet private key in a local .env file and use it for authentication, but it does not include any warning about the sensitivity of that secret or safe handling practices. This creates a realistic risk of credential leakage through source control, logs, screenshots, shared example repos, or insecure local storage, especially because the key likely controls blockchain or account actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example instructs users to place a wallet private key in a .env file without any explicit warning about the sensitivity of that credential or guidance on secure handling. In a developer-facing workflow setup guide, this can normalize unsafe secret management and increase the chance of accidental disclosure through source control, logs, screenshots, or copied example files.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation normalizes automatic fallback to process.env.WALLET_PRIVATE_KEY for x402 payout handling without any explicit warning about secret management. This can lead developers to place sensitive private keys in environment variables in insecure runtimes, increasing the risk of credential leakage, wallet compromise, and unauthorized fund movement.

Credential Access

High
Category
Privilege Escalation
Content
const client = new PlatformClient()

if (!process.env.WALLET_PRIVATE_KEY) {
  console.error('Missing WALLET_PRIVATE_KEY in .env')
  process.exit(1)
}
Confidence
91% confidence
Finding
.env'

Credential Access

High
Category
Privilege Escalation
Content
const client = new PlatformClient()

if (!process.env.WALLET_PRIVATE_KEY) {
  console.error('Missing WALLET_PRIVATE_KEY in .env')
  process.exit(1)
}
Confidence
96% confidence
Finding
.env'

VirusTotal

66/66 vendors flagged this skill as clean.
