Security audit

Spritz Fiat Rails

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Spritz crypto-to-bank off-ramp guide with real financial risk, but its sensitive actions are purpose-aligned and paired with explicit confirmation and credential-safety instructions.

Install only if you intend to let an agent help with Spritz off-ramp workflows. Use a dedicated or least-privilege Spritz API key if available, store it in a secret manager or untracked local config, and require explicit confirmation for every bank-account change and payment, including destination, amount, network, token, deposit address, and expiry before any crypto is sent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This documentation instructs the agent to send crypto to a returned deposit address for bank-account payout without requiring any explicit verification of the destination bank account, payment amount, network, token, or the irreversibility of blockchain transfers. In an off-ramp skill, that omission is dangerous because a mis-bound bank_account_id, wrong network, stale address, or maliciously substituted payment details can lead to permanent loss of funds or payout to the wrong recipient.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The example flow shows authenticated creation of an off-ramp payment tied to a bank account and subsequent status polling, but it omits operational safeguards around transmitting financial identifiers and initiating a fiat payout. In this context, examples are likely to be copied directly into agent logic, so the lack of warnings and verification steps can normalize unsafe automation of irreversible transfers and exposure of sensitive financial metadata.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The setup instructs users to place a live API credential in shell profiles or a project .env without any warning about secret leakage, least-privilege use, file permissions, or exclusion from source control. In an agent/payment skill, exposed credentials could let an attacker query bank-account data or initiate sensitive payment-related actions through the Spritz API, making this more dangerous than a generic developer setup omission.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal