Nansen Wallet Manager

Security checks across malware telemetry and agentic risk

Overview

This wallet skill is coherent, but it gives an agent high-impact wallet authority, including sending funds, exporting keys, and deleting wallets, without clear per-action approval safeguards.

Review before installing. Use only low-value or purpose-built wallets unless you fully trust the nansen-cli package and the environment. Require the agent to show the exact command and get explicit approval before any send, export, delete, or default-wallet change, prefer dry-run previews, and avoid environments where wallet credentials fall back to a local .credentials file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly documents `nansen wallet export <name>`, which exposes private key material, but does not place an immediate high-visibility warning at the export command itself about the extreme sensitivity of exported secrets. In a wallet-management skill, agents may treat this as a routine operation and could surface or mishandle private keys in logs, outputs, or downstream tools, leading to full wallet compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
