ChainAI
Security checks across malware telemetry and agentic risk
Overview
ChainAI is a coherent blockchain tool, but it gives an agent private-key control over real funds and its instructions are under-scoped for irreversible transactions.
Install only if you are comfortable letting this CLI operate with a blockchain private key. Use a dedicated low-balance wallet, avoid command-line private-key flags, verify addresses/networks/amounts manually, require explicit approval before send, swap, broadcast, or raw signing, and do not retry uncertain fund-moving actions until checking on-chain status.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.