TRON Energy Rental & Fee Optimization

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears purpose-built for TRON energy rental, but it can submit cost-affecting rental orders through a third-party API without clear built-in authorization, limits, or confirmation controls.

Install only if you trust TRXDO and understand that commands can use your configured API credentials to submit energy rental orders. Before enabling it in a shared chat or production bot, add an allowlist, explicit confirmation, spending and quantity limits, logging, and store the secretKey outside source-controlled files.

Publisher note

This skill requests the secure TRXDO API to automatically rent TRON energy and optimize USDT transaction fees for users.

SkillSpector (2)

By NVIDIA

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly advertises '24 小时无人值守' automated energy rental and fee optimization for blockchain activity, but the description does not warn users that it can autonomously trigger fee-affecting blockchain resource operations. In this context, missing disclosure is risky because users may enable the skill without understanding that it can initiate unattended actions tied to real transaction costs and account behavior.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The class handles long-lived API credentials and sends signed requests to an external third-party service, but the design encourages storing secrets directly in object properties and even includes a subclass pattern that invites hardcoding credentials. This increases the risk of credential exposure through source control, logs, memory inspection, or accidental disclosure, which could allow unauthorized use of the external payment/energy API.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal