API3 Data Feed Purchase

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for API3 purchases, but it asks users to use a wallet mnemonic in a local .env file and can execute real blockchain transactions with insufficient safety framing.

Review before installing. Use only a dedicated low-balance wallet, do not paste a main wallet seed phrase into chat or project files, verify the chain/feed/price carefully, and assume the purchase transaction may spend funds and be irreversible once broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The skill first instructs the agent to never read .env files or ask for secrets, then later directs use of WALLET_MNEMONIC from a local .env for signing. Contradictory secret-handling guidance is dangerous because it encourages ambiguous implementation choices, increasing the chance that an agent or wrapper will read sensitive wallet material in an unsafe or unintended way.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly advertises `buy.ts` as executing a purchase transaction but does not warn that this causes real on-chain spending, may be irreversible, and can incur gas costs. In a skill intended to interact with blockchain markets, omission of that warning increases the chance of accidental fund loss by users or agents running the script without understanding the consequences.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README instructs users to provide `WALLET_MNEMONIC` in `.env` but gives no warning that a mnemonic is a highly sensitive root secret that grants full wallet control. In a blockchain purchase skill, this context makes the omission more dangerous because users may store or expose the mnemonic insecurely, leading to complete asset compromise if leaked.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The purchase phase tells the user to place a wallet mnemonic in a local .env file for transaction signing, but it does not provide a strong warning about the sensitivity of seed phrases or safer alternatives. A mnemonic is full-wallet compromise material; normalizing local file storage without safeguards materially increases the risk of theft through accidental exposure, logging, backups, or broader file access.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
Instructing the agent to rely on a mnemonic stored in a local .env file directly conflicts with the earlier prohibition on reading .env files and handling secrets. In the context of a blockchain purchase flow, this is especially dangerous because any leakage or mishandling of the mnemonic enables irreversible asset theft and unauthorized transactions.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
  "type": "module",
  "dependencies": {
    "@api3/dapi-management": "file:api3-dapi-management-4.20.0.tgz",
    "dotenv": "^17.4.2",
    "ethers": "^6.16.0"
  }
}
Confidence: 89%
Finding
"dotenv": "^17.4.2"

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content
  "dependencies": {
    "@api3/dapi-management": "file:api3-dapi-management-4.20.0.tgz",
    "dotenv": "^17.4.2",
    "ethers": "^6.16.0"
  }
}
Confidence: 90%
Finding
"ethers": "^6.16.0"

VirusTotal

65/65 vendors flagged this skill as clean.
