Obverse Payments

Security checks across malware telemetry and agentic risk

Overview

This payment skill is mostly coherent and disclosed, but it needs review because it exposes temporary dashboard passwords in normal outputs and encourages collecting and reusing customer data without clear consent or privacy safeguards.

Install only if you are comfortable giving an agent API-key access to create and inspect payment workflows in your Obverse account. Use separate restricted keys if available, require explicit human confirmation before creating invoices or payment links, avoid sending dashboard passwords through shared chats or logs, and collect or export customer data only with consent and a clear retention policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The skill generates and returns live dashboard login credentials, including a temporary password, directly in command output. In an agent setting, this creates a clear secret-handling and account-access risk because credentials can be logged, surfaced to untrusted callers, or reused to access sensitive payment analytics and contributor data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The guide explicitly recommends tracking payment-link creation with agent identifiers, amounts, currencies, chains, and timestamps, but provides no privacy notice, minimization guidance, retention limits, or consent mechanism. In a payments context, this metadata can reveal business activity and user behavior patterns even if it does not include full payment credentials.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation tells operators to log all API calls, which can capture sensitive request metadata such as user IDs, payment references, wallet identifiers, headers, and query parameters. In a payment-processing integration, broad request logging increases the chance of leaking operational and financial data through logs, dashboards, or third-party observability tools.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README encourages creating payment links, invoices, and checking payment status for stablecoin transactions on mainnet, but it does not clearly warn that these actions involve real funds and may have irreversible financial consequences once customers pay on-chain. In an agent skill context, conversational commands can make payment operations feel low-risk or reversible, increasing the chance of accidental fund movement, mistaken invoices, or user misunderstanding.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill promotes collection of emails, names, phone numbers, and arbitrary custom fields, but provides no guidance on consent, minimization, retention, or lawful use. In a payments context, this increases the risk of privacy violations, unauthorized profiling, and mishandling of personally identifiable information.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The examples return dashboard credentials in plaintext and encourage use of a dashboard containing customer emails, names, and payment details without any warning about protecting those credentials. If such credentials are surfaced in agent outputs, logs, or chats, an unauthorized party could access sensitive payment analytics and customer data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The workflow explicitly encourages building mailing lists and exporting customer emails for marketing with no mention of consent or legal restrictions. This creates a clear path for misuse of payment-derived customer data beyond the original transaction purpose.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The chat-style examples instruct the agent to reveal a dashboard username and plaintext password directly in a message. In conversational systems, such secrets are commonly logged, retained, or exposed to unintended recipients, enabling account takeover and access to customer financial and personal data.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The payment submission path sends customer email, wallet addresses, transaction details, and payment metadata to the remote API without any explicit disclosure, minimization, or consent mechanism in the CLI. In an agent context, users may not realize that personally identifiable and financial metadata is being transmitted off-platform, increasing privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The dashboard-generation command emits temporary credentials and step-by-step login instructions with no safety controls or warning about sensitive handling. In agent or automation environments, stdout is often logged or exposed to other tools, so this materially increases the likelihood of credential leakage and unauthorized dashboard access.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The package description presents a very broad payment capability surface for AI agents but does not define when the skill should be invoked, what user consent is required, or what operations are in scope. In a payments/finance context, ambiguous activation can cause an agent to expose or use money-moving functionality in unintended conversations, increasing the risk of unauthorized payment actions or leakage of payment-related data.

VirusTotal

66/66 vendors flagged this skill as clean.
