stable-layer-sdk

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for a Sui blockchain SDK, with visible but high-impact examples for signing real transactions.

Before using this skill with funds, verify the npm package publisher and version, use testnet first, and never paste private keys into chat or committed source files. Only sign mainnet transactions after checking the network, coin type, amount, and full transaction contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill includes ready-to-run examples that sign and execute mainnet mint, burn, and reward-claim transactions involving real on-chain assets, but it provides no explicit warning that these actions can move funds irreversibly. In an agent-skill context, users may copy or automate these examples without understanding that private keys, balances, and token types correspond to live financial operations, increasing the chance of accidental loss or unintended transactions.

VirusTotal

66/66 vendors flagged this skill as clean.
