Back to skill

Security audit

Web3 Docs

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Web3 documentation skill, but users should treat transaction, deployment, installer, and private-key examples as sensitive commands to review before running.

Install is reasonable for Web3 development reference use. Before running snippets, confirm the network, chain ID, RPC URL, contract address, recipient, token decimals, and amount. Treat deploy, broadcast, approve, transfer, sendTransaction, and writeContract examples as potentially irreversible financial actions, and do not expose real private keys to the agent, source control, logs, shell history, or shared environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill's trigger text uses a very broad catch-all phrase ('or any EVM/blockchain development question'), which can cause the skill to activate on a wide range of loosely related prompts. Over-broad activation increases the chance this skill is invoked in unintended contexts, potentially overriding more appropriate skills or introducing unreviewed guidance and external-doc-fetch behavior where it was not expected.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples show state-changing contract calls and ETH transfers without clearly warning that these operations will prompt a signature and can broadcast real transactions to a live network. In a documentation skill for web3 development, users often copy-paste snippets directly; without an explicit warning to verify chain, recipient, amount, and environment, this increases the risk of accidental fund loss or unintended on-chain actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The reference includes live transaction and broadcasting commands such as `forge script --broadcast` and `cast send` without warning that they can submit real on-chain transactions and spend funds. In a documentation skill intended to be reused by an agent, this increases the risk that users or downstream agents copy commands into a production environment without recognizing the financial consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation references `--private-key $KEY` and credential environment variables without any handling guidance, which can normalize unsafe secret usage. Users may expose secrets in shell history, logs, screenshots, CI output, or accidentally commit them, leading to wallet compromise and unauthorized transactions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Piping a remote script directly into `bash` executes code fetched over the network without inspection, creating a supply-chain and remote code execution risk if the source, transport, or host is compromised. Even when common in developer tooling, including it without caution encourages unsafe installation habits.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation shows direct use of a private key from an environment variable to construct a signing account without any warning about secret handling. In a broadly used reference skill, this can normalize unsafe key management practices, leading developers to load hot private keys into application runtimes, logs, client bundles, or poorly secured environments where compromise would allow unauthorized transactions and fund loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.generated_source_template_injection

User-controlled placeholder is embedded directly into generated source code.

Critical
Code
suspicious.generated_source_template_injection
Location
references/foundry.md:109