Security audit

Merktop Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a transparent payment helper for x402 resources, but users should handle the buyer key carefully because some examples put it in the URL.

Install only if you intend to let the agent spend from a Merktop budget. Set a low budget cap, monitor reported x-merktop-spent-cents costs, and prefer sending the buyer key with the x-merktop-key header instead of putting it in URLs or shared terminal logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill’s primary usage examples place the sensitive `MERKTOP_BUYER_KEY` directly in the URL path, which can leak through shell history, process listings, reverse proxies, browser/history tooling, monitoring systems, and intermediary logs. Although the document later mentions a safer header-based alternative, it does not clearly make that form the default or warn that the path-based example exposes a credential tied to spending authority.

VirusTotal

64/64 vendors flagged this skill as clean.