Minara Skill V2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Minara crypto wallet and trading skill, but it gives an agent high-impact financial authority and includes under-scoped automated trading behavior.

Install only if you trust Minara and are comfortable granting a CLI access to a real crypto wallet/trading account. Use a low-balance wallet or narrowly scoped credentials where possible, verify every recipient, token, chain, amount, and leverage setting before approving, avoid autopilot unless you have explicit risk limits and a stop plan, and consider pinning or verifying the Minara CLI package instead of relying on minara@latest.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The examples prominently include actions that can move funds, place trades, withdraw assets, and enable autopilot trading, but they do not consistently require explicit user confirmation or warn that these actions may be irreversible and financially risky. In an agent setting, example-driven behavior can normalize direct execution of high-risk commands, increasing the chance of accidental loss, unauthorized transfers, or unsuitable trading activity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal