Security audit

Polygon Agents SDK

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Polygon wallet helper, but it merits Review because it can auto-run external tunneling software and handle sensitive wallet session material.

Install only if you trust the upstream Polygon Agent Kit code and are comfortable with a wallet tool that can install external software, open a temporary public callback tunnel, and manage wallet sessions. Pin or review the GitHub commit before installing, use minimal balances and tight session limits, avoid sharing private keys or session blobs in chats or logs, delete any /tmp session files after import, and verify recipient, amount, chain, contract, and approval URL before using --broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Automatically downloading and exposing a Cloudflare Quick Tunnel expands the tool's network-reachable attack surface beyond normal wallet/session management. It introduces supply-chain and callback interception risks, and the approval flow depends on a transient public endpoint that may expose sensitive session material or invite phishing/confusion if not tightly validated.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
Saving encrypted session blobs to /tmp weakens the stated encrypted-storage model because /tmp is broadly accessible, ephemeral, and commonly monitored or swept by other local processes. Even if the blob is encrypted, placing authentication/session artifacts in a world-discoverable location increases the chance of theft, replay, mishandling, or accidental disclosure.

Missing User Warnings

Medium
Confidence: 96%
Finding
The quickstart instructs users to handle highly sensitive secrets like `accessKey` and `privateKey` but does not include a clear warning not to paste, log, commit, or share them. In an agent-oriented workflow, these values are especially likely to be exposed through chat transcripts, shell history, screenshots, or automation logs, which could enable wallet takeover or unauthorized project usage.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide states that `cloudflared` is automatically downloaded and used to expose a callback endpoint via a public `*.trycloudflare.com` tunnel, but it does not prominently warn about the trust, supply-chain, and exposure implications. Auto-downloading and executing a network-facing binary in a wallet/session bootstrap flow increases attack surface and could expose approval callbacks or create a path for misuse if the binary source or tunnel behavior is compromised.

Missing User Warnings

Medium
Confidence: 94%
Finding
The quickstart says the encrypted session blob is automatically saved under `/tmp`, but does not warn that temporary directories may be readable by other local users, captured by system tooling, or persist longer than expected. Even encrypted session material can still be sensitive metadata and may become useful to an attacker if combined with other secrets or implementation weaknesses.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.