Agent Credential Wallets: Verifiable Intent & Delegation Chains

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only GreenHelix guide whose API examples are disclosed and purpose-aligned; even so, users should treat the examples as live, state-changing code if they run them.

Install only if you want a GreenHelix-focused guide for agent credential wallets and agent commerce. Use sandbox credentials or a least-privilege key, verify GREENHELIX_API_URL before running any snippet, and do not reuse the verifier examples in production without adding real DID resolution, signature, disclosure, expiration, revocation, and constraint-chain checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
The guide explicitly frames itself as non-executing educational content, yet the included Python examples perform real HTTP POST requests and invoke state-changing tools such as create_intent, create_dispute, submit_metrics, and check_compliance. That mismatch increases the risk that users will run the examples against real environments or production credentials without understanding they can trigger external side effects, including financial or audit-impacting operations.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The AP2Adapter.verify_counterparty docstring claims DID resolution and disclosure validation, but the implementation only checks the protocol/format fields and fetches reputation data. This can mislead integrators into believing cryptographic identity and selective-disclosure proofs are being verified when they are not, enabling acceptance of forged or malformed presentations.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The examples demonstrate payment execution through create_intent and budget tracking but do not prominently warn that running the sample against a configured production environment may initiate real financial intents or spending workflows. In a commerce-focused skill, omission of an explicit safety warning materially raises the chance of accidental transactions and unintended operational impact.

VirusTotal

62/62 vendors flagged this skill as clean.