Back to skill

Security audit

Kaspa Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Kaspa wallet skill, but it can spend real cryptocurrency from configured secrets without an explicit confirmation step.

Install only if you intentionally want an agent-accessible Kaspa wallet. Use a small dedicated wallet or testnet first, avoid primary seed phrases, keep wallet secrets out of shared shells and logs, review the resolved `kaspa` package, and require separate human approval before any `send` or `max` transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs use of shell commands and sensitive environment variables, but no declared permissions are documented. In an agent setting, this creates a transparency and policy gap: users or orchestrators may not realize the skill can read secrets from the environment and invoke local shell execution, increasing the chance of unintended secret exposure or command misuse.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill reads highly sensitive wallet secrets from environment variables, giving the code access to funds-controlling material that is not clearly disclosed in the stated manifest purpose. In an agent ecosystem, this increases the blast radius because any execution of the skill can operate with ambient credentials without an explicit permission boundary or user awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README advertises high-risk wallet operations such as sending cryptocurrency and generating mnemonic seed phrases without prominently warning that transactions are irreversible and that seed material must be handled as extremely sensitive secret data. In an agent-facing skill, this increases the chance of accidental fund loss or secret exposure because users or automation may treat these commands as routine operations without adequate safeguards.

Missing User Warnings

High
Confidence
95% confidence
Finding
The generate-mnemonic command returns the full wallet seed phrase in JSON without a prominent warning that it is highly sensitive secret material. In agent or logging-heavy environments, stdout may be captured in transcripts, logs, telemetry, or chat history, which could immediately compromise the wallet and allow theft of all funds.

Missing User Warnings

High
Confidence
93% confidence
Finding
The send command performs irreversible cryptocurrency transfers, yet the documentation does not clearly warn that funds may be permanently lost if the address, amount, network, or 'max' option is wrong. This is especially dangerous in an agent context because automated or misparsed inputs can trigger destructive real-money transactions without a human verification step.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The wrapper automatically executes install.py when the virtual environment is missing, which runs setup code without requiring explicit user confirmation. In a wallet skill, setup scripts may install packages, modify the environment, or execute arbitrary Python code from the repository, so this expands trust from the launcher into the installer and increases the risk of unnoticed code execution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The wallet accesses mnemonic/private-key material silently at startup scope without any user-facing disclosure, warning, or indication that signing authority may be used. In agent settings this is dangerous because users or orchestrators may invoke seemingly harmless commands without realizing the skill has immediate access to funds-bearing secrets.

Missing User Warnings

High
Confidence
97% confidence
Finding
The send command signs and submits cryptocurrency transactions immediately with no confirmation step, destination verification prompt, dry-run default, or explicit warning. In an agent-driven environment, prompt misunderstanding, tool misuse, or malicious instruction chaining could result in irreversible transfer of funds to an attacker-controlled address.

Unpinned Dependencies

Low
Category
Supply Chain
Content
kaspa
Confidence
97% confidence
Finding
kaspa

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.