Back to skill

Security audit

Kaspa Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a cryptocurrency wallet skill with expected wallet behavior, but it needs Review because it can expose seed phrases and send funds without clear built-in safeguards.

Only install this if you are comfortable reviewing and controlling wallet operations manually. Use a low-value or test wallet, keep private keys and mnemonics out of transcripts and logs, verify recipient, amount, fee, and network before any send, and consider avoiding the installer unless you accept its remote pip bootstrap behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares only allowed tools, but its documented behavior clearly depends on sensitive capabilities: reading secrets from environment variables, writing files during installation, invoking shell commands, and making network connections to RPC endpoints. This mismatch weakens policy review and user understanding, which is especially risky in a self-custody wallet because hidden network and shell behavior can affect funds or expose secrets.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to configure a private key or mnemonic and perform value-transferring wallet operations, but it provides no safety guidance about irreversible blockchain transactions, key/seed sensitivity, or the risk of exposing secrets through shell history, logs, screenshots, or automation environments. In a self-custody wallet context, missing warnings materially increase the chance of user fund loss or credential compromise, especially for automated-agent use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes sending funds and generating wallets but does not prominently warn that transactions are irreversible and that private keys or mnemonic phrases are highly sensitive secrets. In the context of a cryptocurrency wallet, omission of these warnings increases the chance that users or agents will mishandle credentials or initiate transfers without adequate verification.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The send examples show how to broadcast payments without a clear warning to verify recipient address, amount, and network first. Because blockchain transfers are generally irreversible, a copied wrong address, amount typo, or mainnet/testnet confusion can immediately result in permanent financial loss.

Missing User Warnings

High
Confidence
97% confidence
Finding
Showing mnemonic output without an explicit secrecy warning is dangerous because the mnemonic is the wallet's root credential and anyone who sees it can steal all associated funds. In an agent or automated environment, example output may be logged, copied into transcripts, or exposed to other tools, making this particularly sensitive.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The installer downloads get-pip.py from the network and immediately executes it, which is remote code execution via a bootstrap script. If the download source is compromised, intercepted, or replaced, arbitrary code will run during installation with the user's privileges.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The command emits a newly generated wallet mnemonic directly to stdout in JSON without any warning, redaction, or requirement for an interactive acknowledgement. In agent or automation contexts, stdout is commonly logged, captured, or forwarded, which can expose the seed phrase and allow total wallet compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The send command performs an irreversible blockchain transfer immediately once invoked, with no confirmation prompt, destination checksum confirmation, dry-run default, or explicit opt-in for non-interactive execution. In an agent skill context, a mistaken tool call, prompt injection, or malformed argument can directly cause permanent loss of funds.

Unpinned Dependencies

Low
Category
Supply Chain
Content
kaspa
Confidence
94% confidence
Finding
kaspa

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.