Security audit

FXAI

Security checks across malware telemetry and agentic risk

Overview

FXAI is a disclosed crypto token and trading skill, but it needs review because it can use a wallet key to approve spending and execute irreversible BSC transactions without clear safety gates.

Install only if you intend this agent to help create and trade BSC tokens from a configured wallet. Use a dedicated low-balance wallet, verify the contract address and MCP package, avoid a main wallet PRIVATE_KEY, and require a clear human confirmation before every approval, token creation, buy, or sell. Only run the metadata upload helper with files you intend to publish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger is documented simply as saying “FXAI” to activate the skill, without constraining intent, operation type, or requiring confirmation before high-risk actions. In a skill that can create tokens and submit buy/sell transactions using a configured PRIVATE_KEY, this broad trigger increases the chance of accidental invocation or prompt-collision leading to unintended on-chain actions.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The documentation indicates Chinese-only interaction patterns and examples without stating multilingual support or user opt-in. This can cause users or upstream agents to misinterpret commands, amounts, token directions, or transaction intent, which is especially risky here because the skill performs financial blockchain operations and can spend funds via the MCP-configured PRIVATE_KEY.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill enables irreversible on-chain actions: token creation, approvals, buys, and sells. Without an explicit risk warning or confirmation requirements, users may trigger permanent financial transactions, approve spending to contracts, or deploy tokens they cannot undo, increasing the chance of accidental loss or abuse.

Missing User Warnings

Medium
Confidence: 90%
Finding
Requiring a PRIVATE_KEY in the MCP environment creates a highly sensitive signing capability, yet the skill provides no security guidance on storage, least privilege, or operational handling. In this context, the key can authorize token approvals, purchases, sales, and contract interactions, so weak handling materially raises the risk of wallet compromise or unauthorized transactions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document exposes contract ABI entries for creating tokens and performing buy/sell operations on BNB Chain, but provides no warning that these actions trigger irreversible on-chain transactions involving real funds. In the context of a skill that explicitly depends on a configured PRIVATE_KEY and can execute token creation and trading flows, omission of risk disclosure materially increases the chance of accidental loss, misuse, or uninformed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
