psilo
Security checks across malware telemetry and agentic risk
Overview
This escrow skill is openly about crypto payments, but some transaction examples are inconsistent enough that users should review it carefully before using real funds.
Review the SDK and contract behavior before using this with real funds. Test on testnets first, require manual confirmation for every transaction, use a dedicated low-balance wallet, verify ERC20 funding and updateStatus response handling against authoritative source code or API docs, and keep wallet keys, bearer tokens, and release secrets away from general-purpose agents.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.