AgentBooks
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed wrapper for a financial and wallet-management CLI, so it is not inherently unsafe but should be used only after auditing the external package.
Install only if you intentionally want an agent finance CLI. Review the agentbooks source and npm package first, run it in a sandbox with a dedicated AGENTBOOKS_DATA_PATH, and use test or throwaway wallets before connecting funded providers or sensitive credentials.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.