Back to skill

Security audit

4CHAD

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated crypto-trading purpose, but it gives an agent high-impact authority to sign and submit real Solana transactions with weak safeguards.

Review carefully before installing. Use only a dedicated low-balance wallet, avoid primary wallet private keys, verify the signing script and its argument order, decode or simulate every transaction before signing, set hard spending and slippage limits, and avoid unattended bot or fee-harvesting loops unless you have monitoring and a kill switch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a trading/launchpad integration, but it also instructs the agent to download and use an external signing script and to handle raw private key material via environment variables and command-line arguments. That materially expands the trust boundary from API usage into wallet-key handling and transaction signing, which is a high-risk capability not clearly surfaced in the declared purpose and can expose users to theft if the downloaded script or generated transaction is malicious.

Missing User Warnings

High
Confidence
97% confidence
Finding
The setup example instructs users to place a Solana private key in an environment variable and persist an API key into shell startup files and plaintext local storage without prominent warnings. In an agent-oriented environment, environment variables, shell history, logs, process listings, backups, or later commands can expose these secrets, enabling wallet takeover or unauthorized API use.

Missing User Warnings

High
Confidence
95% confidence
Finding
The trading-bot example continuously monitors prices and automatically submits signed buy/sell transactions involving real assets, but it lacks prominent warnings about irreversible execution, slippage, volatility, and loss of funds. In the context of an autonomous agent skill for meme-token trading, users may run it as-is and authorize repeated live trades without understanding the financial and operational risk.

Missing User Warnings

High
Confidence
94% confidence
Finding
The portfolio manager and lifecycle automation examples deploy and rebalance actual funds automatically, yet they do not include strong warnings about live capital exposure, transaction irreversibility, or failure modes. Because this skill targets autonomous trading agents, omission of such warnings materially increases the chance of users running the examples against production wallets and losing funds.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example walks users through obtaining an unsigned transaction, signing it with a private key, and broadcasting it on-chain, but it does not place a prominent warning before the workflow that these are real financial actions. In an agent-skill context, this increases the chance that users or autonomous agents execute irreversible blockchain transactions without adequate review of destination, amounts, or transaction contents.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
These scripts continuously and unattendedly fetch transactions, sign them with a wallet key, and submit them in loops using live credentials. In an autonomous-agent setting, unattended financial automation materially raises risk of repeated unintended claims, draining operational funds through gas, or mass execution of malformed or maliciously altered transaction payloads if the upstream API is compromised.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The batch-claim example automates claims across all tokens and submits every signed transaction without an upfront warning about bulk financial actions, cumulative gas costs, or the need to validate each transaction. In an agent context, this can amplify mistakes across many assets at once and reduce human oversight over irreversible blockchain operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The launch instructions tell users to create, sign, and submit a blockchain transaction that will spend SOL and create a token, but they do not explicitly warn that this action is financially consequential and irreversible once broadcast. In an autonomous-agent context, omission of this warning increases the risk of unintended fund expenditure and accidental token launches, especially if an agent executes steps mechanically from documentation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide instructs local signing with a private key variable but does not include clear handling guidance for that credential, such as never logging it, never sending it to third parties, and using secure secret storage. In an agent skill, this omission is dangerous because implementers may pass raw private keys through scripts, environment output, or helper tools, leading to wallet compromise and total asset loss.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger guidance is broad enough that ordinary user requests like checking balances, trading, or launching a token could automatically invoke a skill capable of irreversible financial actions. In an agent setting, this increases the chance of accidental activation or action without sufficiently explicit user confirmation for high-risk blockchain operations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill enables token launches and on-chain trading but does not prominently warn that these actions are irreversible and can cause direct financial loss due to slippage, malicious tokens, bad quotes, or fraudulent unsigned transactions. In this context, missing explicit loss/irreversibility warnings is dangerous because the agent is being encouraged to operate autonomously with real funds.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to sign and submit a swap transaction but does not prominently warn that a signed Solana transaction can irreversibly move assets and cannot be undone once confirmed. In a trading skill, this omission increases the chance that users or agents will execute high-risk actions without validating the transaction contents, destination programs, amounts, and slippage effects.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The DCA and take-profit scripts perform unattended recurring or conditional live trades in infinite polling loops, but the document does not provide a prominent warning about automation risk, runaway losses, API misuse, or repeated submission under volatile conditions. In an autonomous agent context, this is especially dangerous because the examples normalize always-on trading behavior that can drain funds quickly if parameters, market conditions, or helper functions are wrong.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script requires a Solana private key to be passed directly as a command-line argument, which commonly exposes secrets through shell history, process listings, job control logs, and CI/CD command traces. In this skill's context, that risk is especially serious because the key controls blockchain assets and signing authority, so disclosure can lead to irreversible theft or unauthorized transactions.

External Transmission

Medium
Category
Data Exfiltration
Content
SIGNED_TX=$(node sign-transaction.js "$UNSIGNED_TX" "$SOLANA_PRIVATE_KEY")

# Submit to blockchain
curl -X POST https://4chad.xyz/api/v1/agent/transaction/submit \
  -H "X-API-Key: $4CHAD_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"signedTransaction\": \"$SIGNED_TX\"}"
Confidence
94% confidence
Finding
curl -X POST https://4chad.xyz/api/v1/agent/transaction/submit \ -H "X-API-Key: $4CHAD_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
SIGNED_TX=$(node sign-transaction.js "$UNSIGNED_TX" "$SOLANA_PRIVATE_KEY")

# Submit to blockchain
curl -X POST https://4chad.xyz/api/v1/agent/transaction/submit \
  -H "X-API-Key: $4CHAD_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"signedTransaction\": \"$SIGNED_TX\"}"
Confidence
86% confidence
Finding
curl -X POST https://4chad.xyz/api/v1/agent/transaction/submit \ -H "X-API-Key: $4CHAD_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
UNSIGNED_TX=$(echo $RESPONSE | jq -r '.unsignedTransaction')
  SIGNED_TX=$(node sign-transaction.js "$UNSIGNED_TX" "$SOLANA_PRIVATE_KEY")
  
  curl -s -X POST https://4chad.xyz/api/v1/agent/transaction/submit \
    -H "X-API-Key: $4CHAD_API_KEY" \
    -H "Content-Type: application/json" \
    -d "{\"signedTransaction\": \"$SIGNED_TX\"}"
Confidence
91% confidence
Finding
curl -s -X POST https://4chad.xyz/api/v1/agent/transaction/submit \ -H "X-API-Key: $4CHAD_API_KEY" \ -H "Content-Type: application/json" \ -d "{\"signedTransaction\": \"$SIGNED_TX\"}"

External Transmission

Medium
Category
Data Exfiltration
Content
UNSIGNED_TX=$(echo $RESPONSE | jq -r '.unsignedTransaction')
    SIGNED_TX=$(node sign-transaction.js "$UNSIGNED_TX" "$SOLANA_PRIVATE_KEY")
    
    curl -s -X POST https://4chad.xyz/api/v1/agent/transaction/submit \
      -H "X-API-Key: $4CHAD_API_KEY" \
      -H "Content-Type: application/json" \
      -d "{\"signedTransaction\": \"$SIGNED_TX\"}"
Confidence
92% confidence
Finding
curl -s -X POST https://4chad.xyz/api/v1/agent/transaction/submit \ -H "X-API-Key: $4CHAD_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.