SafeToken.fun

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware-like, but it tells agents how to create real mainnet memecoins from a funded wallet without clear approval or safety controls.

Install only if you intentionally want agent assistance with SafeToken.fun token discovery or creation. Do not give an agent access to a primary wallet or private key; use a limited dedicated wallet, verify the chain ID, contract address, and ABI independently, simulate where possible, and manually approve every wallet transaction and public registration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs an agent to perform an on-chain token creation transaction and then register the token via API, but it does not warn that blockchain transactions are irreversible, incur gas costs, and may create lasting financial or reputational consequences. In an agent context, this omission increases the chance of autonomous or user-unaware execution of costly real-world actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal