Security audit

Teneo-Protocol-CLI

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Teneo agent payments, but it gives the agent high-impact wallet spending authority with under-disclosed private-key and automatic transaction behavior.

Review before installing. Use only a dedicated, low-balance bot wallet, do not provide a primary wallet private key, understand that paid commands can auto-approve USDC payments, and avoid running agent commands unless you are comfortable with the resulting on-chain transactions and room changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The documentation says the skill never asks for or touches an existing user wallet, but the code explicitly supports `TENEO_PRIVATE_KEY` and will use a caller-supplied private key if present. This mismatch is security-relevant because operators may trust the stronger claim and expose a real wallet key to software that can sign payments and transactions.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The code enables `withPayments({ autoApprove: true })` and also registers a `wallet:tx_requested` handler that signs and broadcasts agent-requested on-chain transactions. The markdown does not prominently warn that some agent interactions can trigger automatic payment approval and transaction submission, which can lead to unexpected fund loss or unwanted blockchain actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal