Nansen Wallet Profiler

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Nansen wallet profiler, but it grants the agent access to the whole Nansen CLI instead of only the documented profiler commands.

Install only if you are comfortable letting the agent run the `nansen` CLI with your Nansen API key. Use a scoped or low-risk API key where possible, watch quota or credit usage, and avoid using this skill in an environment where the same CLI has trading, wallet-management, or other sensitive Nansen functions configured unless you are prepared to supervise commands closely.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill requires a NANSEN_API_KEY and is explicitly designed to make outbound requests to the Nansen service, but the description does not warn users that invoking the skill will use that credential and transmit wallet query data externally. This can mislead users about privacy, billing/credit consumption, and the fact that their prompts or provided wallet addresses may trigger third-party API activity.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal