Nansen Mpp Payment

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed guide for using Tempo to pay for Nansen API calls, with a real but expected installer and wallet-payment risk.

Install only if you trust Tempo and are comfortable with an agent using a funded payment wallet for API calls. Prefer checking Tempo's official installation guidance, using any available checksum/signature or pinned release, and keeping only a limited wallet balance before running paid requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to execute a remote installer via `curl ... | bash` without any integrity verification, pinning, or warning. This is dangerous because any compromise of the remote host, CDN, DNS, TLS trust chain, or installer content could result in arbitrary code execution on the user's machine at install time.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal