Back to skill

Security audit

Crypto Wallets & Payments for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it gives an unpinned external payment tool access to raw crypto private keys and fund-moving actions.

Install only if you trust the OnlySwaps MCP server and are willing to use an agent-accessible hot wallet. Do not use a main wallet or high-value private key; use a new low-balance wallet, verify every recipient and chain, confirm amounts, approvals, slippage, and referral fees before execution, and consider pinning and reviewing the MCP package before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill claims private keys are 'never transmitted,' but its documented invocation passes PRIVATE_KEY into an external MCP server process via environment variables and launches unpinned code with `npx ...@latest`. That combination can expose highly sensitive credentials to a third-party package and any subprocesses, logs, crash reports, or host-level inspection mechanisms, making the assurance materially misleading.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents `setup_wallet` as saving PRIVATE_KEY to `.env` but does not present a strong warning about writing a raw private key to disk. Storing long-lived wallet secrets in a plaintext local file materially increases the chance of compromise through source control leaks, backups, malware, shared workspaces, or accidental disclosure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The transfer and swap instructions enable direct movement of on-chain assets but do not clearly warn that these transactions spend funds, may be irreversible, and can incur fees or losses from mistakes, slippage, or malicious addresses. In an agent skill context, missing transaction-safety warnings increases the risk of users authorizing actions they do not fully understand.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.