Catallax

Security checks across malware telemetry and agentic risk

Overview

The skill is legitimate for Catallax/Nostr contract work, but it can lead an agent to publish signed public contract and payment-related events using a raw Nostr private key without enough scoping or safety warnings.

Install only if you intend to use Catallax on Nostr. Use a dedicated Nostr key or secure signer, do not paste a valuable private key into chat, and review every event body, tag, relay, role, and status change before publishing because relay posts may be public, replicated, and hard to undo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger language is broad enough to activate on generic terms like tasks, gigs, or contract work, which can cause the skill to be selected in contexts unrelated to Catallax. That increases the chance the agent will invoke Nostr/Lightning workflow instructions or request sensitive signing context when the user did not intend to use this protocol-specific skill.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill provides concrete commands for publishing signed events using an nsec private key, but it does not include guardrails for secret handling, confirmation, or the permanence of broadcasting to relays. In an agent setting, this can lead to unsafe collection or exposure of private keys, accidental signing, and irreversible publication of financial or contractual actions to public relays.

VirusTotal

49/49 vendors flagged this skill as clean.
