Security audit

Ika Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent, instruction-only guide for Ika/Sui dWallet and validator CLI operations, but it involves high-value crypto secrets that users must handle carefully.

Install only verified Ika and Sui CLI binaries. Before running commands, confirm the active wallet, network, object IDs, and transaction effects. Keep seed, mnemonic, decryption-key, secret-key, and secret-share material out of chat, shell history, CI logs, telemetry, source control, and shared files; store any secret files with restrictive permissions and avoid using --yes for signing, validator, or share-visibility changes unless you have independently reviewed the transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to supply highly sensitive secret-share material either from a local file or directly on the command line as hex, but it provides no warning about the security risks of those methods. Command-line arguments can be exposed via shell history, process listings, logs, or agent telemetry, and local files can be left world-readable or persisted unintentionally, which increases the chance of credential compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to write a dWallet secret share to disk via `--output-secret` but does not warn that the resulting file is sensitive material that must be protected, excluded from logs/backups, and stored with restrictive permissions. In a CLI skill intended to guide terminal operations, omission of that warning materially increases the chance of credential disclosure through normal user workflows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The import command requires a raw secret key file, but the reference provides format details without any warning about the extreme sensitivity of handling plaintext private keys on disk. This can lead users to create, copy, or retain unencrypted secret-key files and expose full wallet compromise if those files are leaked, backed up, or inspected by other local processes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The offline keypair generation command explicitly states it outputs a decryption key and seed, yet the documentation gives no warning that these outputs are secret material whose disclosure compromises future operations tied to that keypair. Because this skill is a usage guide, users may copy outputs into terminals, notes, CI logs, or shared files, creating avoidable key exfiltration risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
`ika dwallet share make-public` is described as enabling autonomous signing, which is a major security-state transition, but the documentation does not explain the trust and exposure implications of making secret key shares public. In this skill context, that omission is especially dangerous because the command sounds operationally convenient while potentially weakening safeguards around user-controlled signing flows.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows `ika dwallet generate-keypair --json` returning highly sensitive secrets including `decryption_key` and `seed` in plain JSON, but provides no warning that these values must never be logged, stored in shell history, or exposed to other tools. In the context of a CLI skill intended for automation and terminal use, this is especially dangerous because JSON output is commonly piped to logs, scripts, MCP tools, and observability systems, creating a realistic path to credential compromise and unauthorized wallet operations.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.