Back to skill

Security audit

Abstract Onboard

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Abstract blockchain toolkit, but it can immediately sign live transactions and move funds with weak safety gates.

Install only if you understand that this skill can use a private key to move real funds on mainnet. Use a dedicated low-balance wallet, review every transaction target, amount, spender, allowance, and quote before running scripts, and avoid using a primary wallet or production funds until confirmations, slippage limits, and dependency pinning are improved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs use of environment secrets such as `WALLET_PRIVATE_KEY` and performs networked blockchain actions, yet it declares no permissions. That mismatch can cause an agent or operator to invoke a capability that signs transactions, moves assets, or calls arbitrary contracts without explicit consent boundaries, which is especially dangerous in a wallet/bridging/deployment skill.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code explicitly sets `amountOutMinimum = 0n` while comments suggest safer production behavior would quote and enforce slippage protection. This permits swaps to execute at any output amount, exposing users to severe price impact, MEV sandwiching, or near-total value loss in thin or manipulated pools.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This script exposes a fully generic contract invocation primitive by allowing arbitrary target addresses, ABI files, function names, arguments, and optional value-bearing write calls. In an agent skill, that significantly expands capability beyond the described supported workflows and can be abused to invoke sensitive or destructive methods on any contract, turning the skill into a general transaction executor rather than a constrained Abstract interaction tool.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation scope is extremely broad: deploy contracts, bridge assets, trade, transfer funds, check balances, mint NFTs, and interact with arbitrary contracts on Abstract. Such a generic trigger can cause the skill to activate during common wallet or blockchain tasks and expose high-risk capabilities, increasing the chance of unintended fund movement or unsafe contract interaction.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to export a raw wallet private key into an environment variable and run a script, but it does not include any handling guidance, risk warning, or safer alternatives. In an agent skill for blockchain operations, this is dangerous because users may expose a production key through shell history, logs, screenshots, shared terminals, or insecure host environments, enabling theft of on-chain assets.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file instructs users to export a raw wallet private key into an environment variable and run swap scripts, but provides no warning about secure key handling, least-privilege funding, or safer signing alternatives. In a blockchain deployment/trading skill, this increases the chance that operators expose high-value credentials through shell history, logs, shared terminals, CI environments, or poorly secured hosts, leading to wallet compromise and asset theft.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script submits an irreversible on-chain swap immediately after basic logging, without any interactive confirmation or dry-run safeguard. In an agent skill context, this increases the chance of unintended trades from bad parameters, wrong token addresses, or automation mistakes, causing direct asset loss.

Missing User Warnings

High
Confidence
96% confidence
Finding
The script sends live bridge transactions returned by a third-party quote API without any user confirmation, simulation, or allowlist validation of destinations and calldata. Because bridging is irreversible and the skill is explicitly meant to move real assets on mainnet, a bad quote, compromised API response, or operator mistake could cause immediate loss of funds.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The setup guide instructs users to export a raw private key in an environment variable without any accompanying safety warning or safer alternative. In an agent skill focused on blockchain operations, this increases the chance that users or autonomous systems will place high-value credentials into shell history, process environments, logs, crash reports, or shared execution contexts, which can lead to wallet compromise and theft of funds.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script submits a live on-chain swap immediately after constructing parameters, with no interactive confirmation, dry-run mode, or explicit user acknowledgement. In an agent skill context that can be invoked programmatically, this increases the chance of unintended asset movement, especially because the swap also accepts any output amount.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script grants MaxUint256 approval to the router, creating a standing unlimited allowance over the wallet's USDC. If the router is compromised, misconfigured, upgraded maliciously, or the address is wrong, the approved token balance could be drained beyond the intended $1 swap.

Missing User Warnings

Low
Confidence
78% confidence
Finding
Reading a private key from an environment variable is common for automation, but doing so without safety guidance encourages direct hot-key usage in scripts that perform mainnet transactions. In this skill's context, the key is immediately used to sign approvals and swaps on Abstract mainnet, so operator mistakes or insecure environment handling can expose funds.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs two irreversible state-changing actions automatically: granting a MaxUint256 token allowance to the router and then submitting a live swap transaction, with no interactive confirmation, dry-run gate, or safety checks beyond a simple 5% minOut. In an agent-skill context that may be invoked programmatically, this materially increases the risk of unintended asset movement or overbroad approval if the script is triggered with a funded wallet or if the router address is wrong or later compromised.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script loads a live private key from the environment and can immediately execute approvals and swaps once invoked, without any explicit interactive confirmation or dry-run summary gate before signing transactions. In an agent skill context, this is dangerous because malformed parameters, prompt/command injection, or autonomous invocation could cause unintended on-chain asset movements and irreversible token approvals/swaps.

External Transmission

Medium
Category
Data Exfiltration
Content
console.log('Bridging:', ethers.formatUnits(bridgeAmount, 6), 'USDC');
  
  // Get fresh quote
  const quoteResp = await fetch('https://api.relay.link/quote/v2', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
Confidence
88% confidence
Finding
fetch('https://api.relay.link/quote/v2', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
console.log('Bridging:', ethers.formatUnits(bridgeAmount, 6), 'USDC');
  
  // Get fresh quote
  const quoteResp = await fetch('https://api.relay.link/quote/v2', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
Confidence
88% confidence
Finding
https://api.relay.link/

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "MIT",
  "keywords": ["abstract", "zksync", "l2", "agent", "crypto", "deployment"],
  "dependencies": {
    "ethers": "^6.9.0",
    "zksync-ethers": "^6.0.0",
    "viem": "^2.0.0",
    "@abstract-foundation/agw-client": "^0.1.0"
Confidence
94% confidence
Finding
"ethers": "^6.9.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"keywords": ["abstract", "zksync", "l2", "agent", "crypto", "deployment"],
  "dependencies": {
    "ethers": "^6.9.0",
    "zksync-ethers": "^6.0.0",
    "viem": "^2.0.0",
    "@abstract-foundation/agw-client": "^0.1.0"
  },
Confidence
94% confidence
Finding
"zksync-ethers": "^6.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "ethers": "^6.9.0",
    "zksync-ethers": "^6.0.0",
    "viem": "^2.0.0",
    "@abstract-foundation/agw-client": "^0.1.0"
  },
  "scripts": {
Confidence
94% confidence
Finding
"viem": "^2.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"ethers": "^6.9.0",
    "zksync-ethers": "^6.0.0",
    "viem": "^2.0.0",
    "@abstract-foundation/agw-client": "^0.1.0"
  },
  "scripts": {
    "check-balances": "node scripts/check-balances.js",
Confidence
96% confidence
Finding
"@abstract-foundation/agw-client": "^0.1.0"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/bridge-usdc-relay.js:4

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/myriad-buy-direct.js:16

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/myriad-trade.js:15